A Recipe for Password Storage: Add Salt to Taste

Nick Malcolm (Aura Information Security)

Every time a website gets breached you hope to hear “your passwords were salted and hashed” instead of “your passwords were stored in plain text”, but what does that actually mean, and why is it a good thing?

Wash your hands, don your apron, and join me as we follow the recipe for storing passwords safely. We’ll learn a bit about cryptography and one-way functions (that’s the hash!), how to source good ingredients (bcrypt, scrypt, argon, oh my!), why adding a pinch of salt helps, how many times we must stir the mix, and what happens if we miss a step. In the face of an attacker, will our delicious password loaf rise to the occasion, or will it fall flat in disappointment and despair?!
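The recipe the abstract sketches (a one-way function, a random salt per password, and a work factor that controls how many times the mix is stirred) is shown below as an added example; it is not code from the talk or from the speaker. It uses Python's standard-library PBKDF2-HMAC as the iterated one-way function, an assumption made so it runs without third-party packages; bcrypt, scrypt and Argon2 named in the abstract fill the same role in production. The encoded record format, the `ITERATIONS` value and the function names are choices made for this example.

```python
import hashlib
import hmac
import os

# Parameters chosen for this example (assumptions, not from the talk).
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000   # the work factor: how many times we "stir the mix"
SALT_BYTES = 16        # 128-bit random salt, fresh for every password


def unsalted_hash(password: str) -> str:
    """The 'missed a step' version: a bare one-way hash with no salt and no
    work factor. Every user with the same password gets the same digest, so a
    single precomputed table reveals all of them at once."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Salt + iterated one-way function, packed as one self-describing string:
    algorithm$iterations$salt_hex$digest_hex. Storing the salt and iteration
    count beside the digest is what lets verify_password() recompute it later."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def _parse(stored: str):
    """Split a stored record; return None if it is not in the expected shape."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM:
        return None
    try:
        return int(parts[1]), bytes.fromhex(parts[2]), bytes.fromhex(parts[3])
    except ValueError:
        return None


def verify_password(stored: str, candidate: str) -> bool:
    """Recompute the digest with the stored salt and iteration count and compare
    in constant time, so timing does not leak how many bytes matched."""
    parsed = _parse(stored)
    if parsed is None:
        return False
    iterations, salt, digest = parsed
    recomputed = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), salt, iterations
    )
    return hmac.compare_digest(recomputed, digest)


def needs_rehash(stored: str) -> bool:
    """True when a record was made with fewer iterations than the current
    setting; call this after a successful login to upgrade old records."""
    parsed = _parse(stored)
    return parsed is None or parsed[0] < ITERATIONS


if __name__ == "__main__":
    # Constructed sample input: two users who picked the same password.
    alice, bob = "correct horse", "correct horse"
    print("unsalted digests equal:", unsalted_hash(alice) == unsalted_hash(bob))
    record_a, record_b = hash_password(alice), hash_password(bob)
    print("salted records equal:  ", record_a == record_b)
    print("alice logs in:         ", verify_password(record_a, "correct horse"))
    print("wrong password:        ", verify_password(record_a, "battery staple"))
```

Running the demo shows the two failure modes the abstract alludes to: without salt, identical passwords collapse to identical digests, and with a low iteration count an attacker can test guesses almost as fast as a plain hash, which is why `needs_rehash` exists to raise the work factor on existing records as hardware improves.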

About Nick
Nick specialises in Application Security and works as a consultant at Aura Information Security in Wellington. He runs secure developer training and gets embedded in development teams to offer security advice. He regularly presents at meetups and conferences, including OWASP Day 2020 and 2017, CyberCon AU 2018, and AppSec AU 2017.