Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Drop all requirements that discuss salting #1002

Closed
jmanico opened this issue May 19, 2021 · 3 comments
Closed

Drop all requirements that discuss salting #1002

jmanico opened this issue May 19, 2021 · 3 comments
Assignees
@jmanico
Labels
1) Discussion ongoing Issue is opened and assigned but no clear proposal yet

Comments

@jmanico
Copy link
Member

jmanico commented May 19, 2021

ASVS should not be discussing salts at all. All of the recommended password hashing algorithms salt for you.

https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html

So all references salts should go away in 2.4.X and 2.4.2 should be removed
@Sjord Sjord mentioned this issue Jun 3, 2021
Closed
@jmanico
Copy link
Member Author

jmanico commented Jun 3, 2021

#1000

@Sjord Sjord mentioned this issue Jun 8, 2021
Merged
@elarlang elarlang added the 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet label Jul 20, 2021
@jmanico
Copy link
Member Author

jmanico commented Jul 30, 2021

This has been merged

@jmanico jmanico closed this as completed Jul 30, 2021
@cmlh
Copy link
Contributor

cmlh commented Jul 31, 2021

The merge should be performed by a different party to that of the requester.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jmanico jmanico

Labels
1) Discussion ongoing Issue is opened and assigned but no clear proposal yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cmlh @jmanico @elarlang