Tag
password-hashing
Safeguard articles tagged "password-hashing" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Application Security
Secure password hashing in Go: bcrypt, Argon2, and the mistakes in between
Go's bcrypt package caps input at 72 bytes and returns ErrPasswordTooLong instead of silently truncating — one of several Go-specific quirks that trip up password hashing code.
Jul 8, 20266 min read
Security Guides
C# Cryptography Best Practices in .NET
The right way to do cryptography in C#: authenticated encryption with AesGcm, secure randomness, PBKDF2 password hashing, constant-time comparison, and the legacy APIs to stop using.
Jul 5, 20265 min read
Vulnerabilities
Password Security Storage: Hashing Done Right
Password security storage still gets built wrong in 2024 — here's what a correct implementation looks like, from algorithm choice to salt handling to migration.
Sep 17, 20245 min read