If you attended the 2020 edition of Pass the SALT, a conference dedicated to free software and security, you may have just stumbled upon a
Tag: Passwords
FIDO2 Deep Dive: Attestations, Trust model and Security
Update 2020-02-14: As pointed out by a reader (thank you!), attestations do not protect against man-in-the-middle attacks where an attacker owns a genuine authenticator of
FIDO2: Solving the Password Problem
Introduction Passwords are a problem and you’d be hard-pressed to find a security professional who disagrees. According to Verizon’s 2019 Data Breach Investigation Report, 62%
Closing the Password Hashing Competition, releasing Argon2
In fall 2012, I proposed to organize an open competition in order to develop a new crypto standard for hashing passwords—be it to protect users’
Secure password hashing: requirements and design choices
This is the promised follow-up to my first post on secure password hashing. We now focus on the security requirements and design choices, which will
Secure password hashing: why we need it
Nobody likes passwords. Especially when you receive your password in clear text after hitting “forgot my password”—evidence that the server stores the password either in
Kudelski Security Research 