OWASP AppSecUSA 2012: Analyzing and Fixing Password Protection Schemes скачать в хорошем качестве

OWASP AppSecUSA 2012: Analyzing and Fixing Password Protection Schemes

Speaker: John Steven In this talk jOHN takes apart password protection scheme analyzing the attack resistance of hashes, hmacs, adaptive hashes (such as script), and encryption schemes. First, we present a threat model for password storage. Then audience members will learn the construction, performance, and protective properties of these primitives. Discussion of the primitives will be from a critical perspective modeled as an iterative secure design session.  Ultimately, this session presents the solution and code donated as part of the on-going OWASP PSM (password storage module) project. Discussion of this solution will include key techniques for hardening PSM learned through years of delivering production JavaEE code to customers. For more information visit: http://bit.ly/AppSec12_USA_information To download the video visit: http://bit.ly/AppSec12_USA_videos Playlist OWASP AppSec USA 2011: http://bit.ly/AppSec12_USA_playlist