by Thomas Waldmann for
A tour of decreasingly bad ideas regarding server/software-side password handling. After showing off popular ways to fail badly, I’ll also show an easy and recommendable way to deal with passwords (passlib) plus some generic ideas.
Topics: storage and verification of passwords, algorithms, attacks, security breaches and consequences, password invalidation, thoughts about legacy hashes, upgrading hashes, double hashing, Q&A + discussion.
Goal: encourage python developers to handle passwords adequately, encourage outsourcing and collaboration on this topic, avoid the next password disaster ;)
Prerequisites: a basic understanding of Python, security and responsibility. Talk focus is on practical understanding (not on math or crypto theory).
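As an added illustration of two of the topics listed above (upgrading legacy hashes and double hashing), not code from the talk: a constructed storage format where an old unsalted SHA-256 hash is either re-hashed on the user's next login or wrapped in PBKDF2 immediately, without knowing the password. The scheme names, round count and `scheme$params$salt$digest` layout are assumptions for this demo; passlib's CryptContext (`deprecated=`, `needs_update()`) automates the same idea, but the code below uses only the standard library.

```python
import base64
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed policy value for this demo


def _b64(b: bytes) -> str:
    return base64.b64encode(b).decode()


def legacy_sha256(password: str) -> str:
    """Deliberately bad legacy scheme (unsalted, fast); kept only to show migration."""
    return "sha256$" + hashlib.sha256(password.encode()).hexdigest()


def pbkdf2_hash(secret: bytes, rounds: int = PBKDF2_ROUNDS) -> str:
    """Salted, slow hash: pbkdf2_sha256$rounds$salt$digest."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", secret, salt, rounds)
    return f"pbkdf2_sha256${rounds}${_b64(salt)}${_b64(dk)}"


def wrap_legacy(stored: str) -> str:
    """Double hashing: wrap an existing legacy digest in PBKDF2 right now,
    so the fast unsalted hash never sits in the database unprotected."""
    scheme, legacy_hex = stored.split("$", 1)
    assert scheme == "sha256", "only the legacy scheme gets wrapped"
    wrapped = pbkdf2_hash(legacy_hex.encode())
    return wrapped.replace("pbkdf2_sha256$", "pbkdf2_sha256+sha256$", 1)


def verify(password: str, stored: str):
    """Return (ok, new_hash). new_hash is a fresh direct PBKDF2 hash to store
    when the password was correct and the stored hash needs an upgrade."""
    scheme, rest = stored.split("$", 1)
    if scheme == "sha256":
        ok = hmac.compare_digest(legacy_sha256(password), stored)
        return ok, (pbkdf2_hash(password.encode()) if ok else None)
    if scheme in ("pbkdf2_sha256", "pbkdf2_sha256+sha256"):
        rounds, salt_b64, dk_b64 = rest.split("$")
        secret = password.encode()
        if scheme.endswith("+sha256"):  # wrapped legacy: recompute the inner hash
            secret = hashlib.sha256(secret).hexdigest().encode()
        dk = hashlib.pbkdf2_hmac("sha256", secret, base64.b64decode(salt_b64), int(rounds))
        ok = hmac.compare_digest(_b64(dk), dk_b64)
        needs_update = scheme.endswith("+sha256") or int(rounds) < PBKDF2_ROUNDS
        return ok, (pbkdf2_hash(password.encode()) if ok and needs_update else None)
    raise ValueError(f"unknown scheme {scheme!r}")
```

The caller stores `new_hash` whenever it is not `None`; wrapped hashes are verified by hashing the password the legacy way first, then replaced with a direct PBKDF2 hash on the next successful login.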