SSL, RC4, and site administrators
By: Steve Bellovin | Mar 29, 2013 3:14PM
There’s been yet another report of security problems with SSL. If you run a website or mail server, you may be wondering what to do about it. For now, the answer is simple: nothing—and don’t worry about it.
Storing passwords, or the risk of a no-salt diet
By: Steve Bellovin | Mar 21, 2013 1:31PM
A while back, I wrote about passwords and promised a later post on salting. This is it: a deeper look at how servers should accept and store passwords. This is a complement to the usual articles on passwords, which focus on the user (you know the ones: “pick strong passwords”); here, I’ll be looking at the server side, and in particular how to store passwords for web sites.
Continue Reading Storing passwords, or the risk of a no-salt diet
