Updated the Password Storage Cheatsheet #1057
Conversation
suyash5053
requested review from
kwwall,
mackowski and
jmanico
as code owners
There was a problem hiding this comment.
+1 for leaving a reference, but this doesn't explain all of my concerns, albeit for a different PR. Rather than repeating the here, please see the comments I left at:
https://github.com/OWASP/CheatSheetSeries/pull/1055/files/79b0198fefd61097b86c6475190d3d75d022b861#r1067644067
That was for PR #1055 but the same changes were made there.
Given that fact that NIST specifies at different figures for privileged and non-privileged accounts, I think that should be noted here. Which is this for? Also, since these iteration counts are different from the various NIST documents, I think we need the significance of that explained. For example, some industry sectors in the USA (e.g., typically financial institutions and companies that do contract work for the US government) generally need to adhere to FIPS-140 compliance. See the relevant comments at https://github.com/OWASP/CheatSheetSeries/pull/1055/files#r1067641302 for that context.
|
Can you check this against the lint errors and the previous update to the CS? |
This changes resloves #1043 by updating the Password Storage Cheatsheet.
Signed-off-by: Suyash Srivastava [email protected]