Author: JP Aumasson

This is the promised follow-up to my first post on secure password hashing. We now focus on the security requirements and design choices, which will

Nobody likes passwords. Especially when you receive your password in clear text after hitting “forgot my password”—evidence that the server stores the password either in