Thursday, October 25 • 4:00pm - 4:45pm
Analyzing and Fixing Password Protection Schemes


In this talk jOHN takes apart password protection schemes, analyzing the attack resistance of hashes, HMACs, adaptive hashes (such as scrypt), and encryption schemes. First, we present a threat model for password storage. Then audience members will learn the construction, performance, and protective properties of these primitives. Discussion of the primitives will be from a critical perspective modeled as an iterative secure design session.

Ultimately, this session presents the solution and code donated as part of the on-going OWASP PSM (password storage module) project. Discussion of this solution will include key techniques for hardening PSM learned through years of delivering production JavaEE code to customers.

John Steven

Internal Chief Technology Officer, Cigital Inc.
I spend incalculable time striving to make the perfect macchiato. Passionate about running and reading. I'm alarmed at the lack of innovation within application security over the past five years and anxious to get back to designing and implementing large-scale systems.

Others have said: John's expertise runs the gamut of software security from threat modeling and architectural risk analysis, through static analysis (with an emphasis...

Thursday October 25, 2012 4:00pm - 4:45pm
Adobe Room - Texas Ballroom I Hyatt Regency Austin, 208 Barton Springs Road, Austin, TX, 78704
