PSM - Secure Password Storage Module ======== This project describes goals, threats, and design for a reusable password storage module (PSM or module). Contents include: * Presentation Material - As presented @OWASP AppSecUSA Austin 2012 * Documents - Threat Model and Attacker vs. Defender Spreadsheet * Demo code - Split hash collision utility (Python 2.x) ======== [Presentation Material] * Secure Password Storage AUS (w/ Notes).pptx.pdf - With notes * Secure Password Storage AUS.pptx.pdf - Full-size slides, no notes [Documents] * ThreatModelforPWStorage.pdf - PDF print of PW Storage Threat Model Google doc @ http://goo.gl/Spvzs * Password Scheme Attacker Defender Cost Comparison Sheet.xlsx [code] * split_hash_util.py - Python utility for generating uniquely salted PBKDF2 hashes and then brute forcing them in full or in chunks This material is not a finished Password Storage Module but simply a "As-is" dump of material as presented at OWASP AppSecUSA Austin 2012. Please contact with questions/comments: John Steven - john.steven@owasp.org - @M1splacedsoul