If you attended the 2020 edition of Pass the SALT, a conference dedicated to free software and security, you may have just stumbled upon a

Update 2020-02-14: As pointed out by a reader (thank you!), attestations do not protect against man-in-the-middle attacks where an attacker owns a genuine authenticator of
Introduction: Passwords are a problem and you’d be hard-pressed to find a security professional who disagrees. According to Verizon’s 2019 Data Breach Investigation Report, 62%
In fall 2012, I proposed to organize an open competition in order to develop a new crypto standard for hashing passwords—be it to protect users’
This is the promised follow-up to my first post on secure password hashing. We now focus on the security requirements and design choices, which will
Nobody likes passwords. Especially when you receive your password in clear text after hitting “forgot my password”—evidence that the server stores the password either in