"Please pass the salt: Serve up passwords w/ a side of entropy", with Brad Wood

The Online ColdFusion Meetup

Online meeting via Adobe Connect

http://experts.adobeconnect.com/cfmeetup/ · Online, GA

How to find us

Our meetings are entirely online. See the link in the body to find the meeting time in YOUR timezone! Then join us on the day at http://experts.adobeconnect.com/cfmeetup/.

Details

Our session on Thursday Dec 12 at 12pm (US ET, UTC-5) will be: "Please pass the salt: Serve up passwords with a side of entropy", with Brad Wood.

Topic description, speaker bio, meeting and recording links are below.

First, please note that the time shown on the meetup site is in Eastern time. If you're on a different timezone, it and the calendar links are NOT adjusted for you. The following link shows the time for you: https://www.timeanddate.com/worldclock/fixedtime.html?msg=Online+ColdFusion+Meetup&iso=20191212T12&p1=25&ah=1. That starts with the time as US ET, and lets you choose YOUR city from the list offered, to see the time in your own timezone.

MEETING URL: https://experts.adobeconnect.com/cfmeetup/

Recordings: https://recordings.coldfusionmeetup.com

TOPIC DESCRIPTION: (provided by the speaker)

Passwords are like opinions, everyone has them and some are easier to figure out than others. As application developers and DBAs, our users entrust us with the precious keys to their social media, E-mails, bank accounts, and shopping history. Hopefully everyone has figured out storing your passwords in plain text is really bad, but is a simple hash good enough?

You’ve probably heard someone say that if you're rolling your own crypto, you’re probably doing it wrong, but what ARE you supposed to do? There’s so much information out there about encryption, hashes, iterations, salts, and entropy that it’s hard to decipher and sometimes even harder to convince your boss why it’s worth spending time on.

Let’s take a practical look into the world of password storage by starting with the most basic approach and what’s wrong with it. We’ll work through many of the common techniques and explain how they fall short.

We’ll talk about the tools crackers use such as brute force, lookups, and rainbow tables to explain how the baddies wrench your users’ secrets from your stolen databases using several recent high-profile attacks as examples. How can you protect against a threat you don’t even understand?

• Why YOUR site is worth making secure
• How hashing differs from encryption
• What password policy creates the best entropy
• What the heck is a rainbow table and does it have a pot of gold at the end?
• What libraries you can start using today to do it “right”?

ABOUT THE SPEAKER: (provided by the speaker)

Brad grew up in southern Missouri and after high school majored in Computer Science with a music minor at MidAmerica Nazarene University (Olathe, KS). Today he lives in Kansas City with his wife and three girls. Brad enjoys all sorts of international food and the great outdoors.

Brad has been programming ColdFusion for 12 years and has used every version of CF since 4.5. He first fell in love with ColdFusion as a way to easily connect a database to his website for dynamic pages. He enjoys configuring and performance tuning high-availability Windows and Linux ColdFusion environments as well as SQL Server.

DURATION: Approx. 1 hour, plus time for questions

RECORDINGS:

All meetings are recorded. The URL will be posted after the meeting at https://recordings.coldfusionmeetup.com. In addition to the Adobe Connect streaming recording posted immediately after the meeting, we also post recordings on YouTube, usually within a day of the meeting.

LOGGING IN: When you log in to the Connect room ( https://experts.adobeconnect.com/cfmeetup ) to view the meeting, PLEASE USE THE "LOGIN AS GUEST" option, and USE YOUR NAME, but do NOT attempt to use your meetup.com username/password. There is no need to have or use any Connect account. Just sign in as a guest.

ADD THIS TO YOUR CALENDAR: Want to add this event to your own personal calendar? A calendar link is offered both in the invitations emailed to members and on the meetup event page. But again, note that meetup doesn't let me indicate the timezone, and it doesn't change the time to suit your own timezone. YOU must change the time entry in your calendar. Sorry.