Having recently become constrained by FIPS 140-2 compliance, I found myself wondering, "How am I supposed to hash passwords?" Then I wondered, "How have other FIPS 140-2 compliant vendors been hashing passwords?" - and then I thought of the most obvious answer* and all the breaches of government systems seemed a lot less surprising.
(*Using a cryptographic hash instead of a password hash)