OhRyan.ca » passwords

Rethinking Passwords

RyanN — Wed, 07 Sep 2011 14:32:55 +0000

Made my first post over at the company blog. Thought it would only be appropriate to give it some link love over here. My thoughts on the future of password: Rethinking Passwords.

Assault on the Hash (or how to make secure your passwords)

RyanN — Mon, 04 Jul 2011 05:47:19 +0000

In a recent episode of Build & Analyze Marco Armet (creator of Instapaper) explained that the standard practice of salting a hash is no longer a really good way to secure passwords. CPUs (and GPUs) are so fast that they can effectively guess your salt in a reasonable amount of time*.

The solution, use bcrypt. Essentially, it’s an extremely slow hashing algorithm.

To me this seems a little bit like security through obscurity, every once in awhile – as CPU speed increases - you’ll have to update your algorithm to generate hashes even slower.

Non-Alpha-Numeric Passwords

RyanN — Sat, 21 Jul 2007 17:36:29 +0000

Why won’t my bank allow me to use non-alpha-numeric characters in my online banking password?!
Don’t they want my password to be as secure as possible?