Here are the slides and links from my recent Blitz Talk on password security at SecondConf.
Update: I have just posted some follow-up discussions in a new blog post.
First, here are my slides. I’ve printed every build stage as a separate slide, so there are more than the 20 slides I had in the original presentation.
Now, here are the links to the sources that I used to prepare this talk:
- Coda Hale - How To Safely Store A Password
- Stack Overflow - How can bcrypt have built-in salts?
- Stack Overflow - Why bcrypt is sometimes better than PBKDF2
- TroyHunt.com - Our password hashing has no clothes
- Security Nirvana - The Final Word on the LinkedIn Leak
- Crack Station - Salted Password Hashing - Doing it Right
- Coding Horror - Speed Hashing
- Matt Gemmell - Hashing for privacy in social apps
- Ted Nasmith - Artwork for Tolkien’s Works
- Angband
Special thanks to Ted Nasmith for letting me use his painting in my Blitz Talk.