The Good
● Rainbow tables won’t work!
The Bad
● Still easy to brute force.
● Have to store your salt in the database.
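The two halves of this slide in working code. This is an added example, not code from the deck or from Stormpath: per-user salted SHA-256, a precomputed (unsalted) table that no longer matches anything, and the plain dictionary run that still succeeds because SHA-256 is fast. The wordlist and the record layout are constructed for the demo.

```python
import hashlib
import hmac
import os

# Added example (not from the Stormpath deck). Per-user salted SHA-256:
# the random salt defeats precomputed rainbow tables, but a fast hash still
# falls to a dictionary attack that simply recomputes with the stolen salt.


def salted_hash(password: str, salt: bytes) -> bytes:
    """SHA-256 over salt || password. Fast, which is exactly the problem."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def create_record(password: str) -> dict:
    """Store salt and hash side by side; the salt is not secret, only unique."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": salted_hash(password, salt)}


def verify(record: dict, candidate: str) -> bool:
    """Constant-time comparison so the check itself leaks nothing."""
    return hmac.compare_digest(record["hash"], salted_hash(candidate, record["salt"]))


def rainbow_table(wordlist) -> dict:
    """Unsalted precomputation: hash -> password. Built once, reused forever."""
    return {hashlib.sha256(w.encode("utf-8")).digest(): w for w in wordlist}


def lookup_in_table(table: dict, record: dict):
    """A table built without the per-user salt never matches a salted hash."""
    return table.get(record["hash"])


def dictionary_attack(record: dict, wordlist) -> tuple:
    """Online recomputation with the stolen salt: one SHA-256 per guess."""
    for guesses, word in enumerate(wordlist, start=1):
        if hmac.compare_digest(record["hash"], salted_hash(word, record["salt"])):
            return word, guesses
    return None, len(wordlist)


# Constructed wordlist: a few common passwords followed by filler entries.
WORDLIST = ["123456", "password", "letmein", "qwerty", "hunter2"] + [
    f"pw{i}" for i in range(10000)
]

if __name__ == "__main__":
    rec = create_record("hunter2")
    table = rainbow_table(WORDLIST)
    print("rainbow table hit:", lookup_in_table(table, rec))  # None
    print("dictionary attack:", dictionary_attack(rec, WORDLIST))  # ('hunter2', 5)
```

The salt buys exactly one thing: the attacker has to do the work per user instead of once for everyone. It does not make each guess more expensive, which is what the next slides address.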
Slide 24
Slide 24 text
Let’s talk about
speed.
Slide 25
Slide 25 text
Slower is Better
Slide 26
Slide 26 text
bcrypt is slow
Slide 27
Slide 27 text
scrypt is slower!
Slide 28
Slide 28 text
But … Complexity Still Matters
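Slides 24 through 28 in one runnable piece: a slow, tunable password hash beside plain SHA-256, with a timing comparison, and the reminder that a slow hash does not save a password that sits at the top of every wordlist. This is an added example, not the deck's or Stormpath's code. The deck names bcrypt and scrypt; the Python standard library ships scrypt (`hashlib.scrypt`, OpenSSL 1.1 or newer), so scrypt is used here, and the cost parameters and the short wordlist are assumptions chosen for the demo.

```python
import hashlib
import hmac
import os
import time

# Added example (not from the Stormpath deck). scrypt from the standard
# library stands in for the bcrypt/scrypt choice on the slides; the cost
# parameters are assumptions, tune them to your hardware.

N, R, P = 2 ** 14, 8, 1  # CPU/memory cost; raise N as hardware gets faster


def scrypt_hash(password: str, salt: bytes, n: int = N) -> bytes:
    """Slow, memory-hard hash. Every guess costs the attacker this much too."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=R, p=P, dklen=32)


def create_record(password: str) -> dict:
    """Store the cost alongside the hash so it can be raised for new records
    without breaking verification of old ones."""
    salt = os.urandom(16)
    return {"n": N, "salt": salt, "hash": scrypt_hash(password, salt)}


def verify(record: dict, candidate: str) -> bool:
    actual = scrypt_hash(candidate, record["salt"], record["n"])
    return hmac.compare_digest(record["hash"], actual)


def fast_sha256(password: str, salt: bytes) -> bytes:
    """The fast hash from the previous slide, kept only for the comparison."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def seconds_per_hash(hasher, rounds: int = 3) -> float:
    """Wall-clock cost of one hash; the ratio is what limits an attacker."""
    salt = b"\x00" * 16
    start = time.perf_counter()
    for _ in range(rounds):
        hasher("benchmark", salt)
    return (time.perf_counter() - start) / rounds


def guesses_to_crack(record: dict, wordlist):
    """Number of guesses until the record verifies, or None if never."""
    for guesses, word in enumerate(wordlist, start=1):
        if verify(record, word):
            return guesses
    return None


# Constructed top-of-list guesses; real crackers start with something like this.
COMMON = ["123456", "password", "qwerty", "letmein"]

if __name__ == "__main__":
    fast = seconds_per_hash(fast_sha256)
    slow = seconds_per_hash(scrypt_hash)
    print(f"sha256: {fast * 1e6:.1f} us/hash, scrypt n={N}: {slow * 1e3:.1f} ms/hash, "
          f"ratio {slow / fast:,.0f}x")
    weak = create_record("password")
    print("guesses to crack 'password' even with scrypt:", guesses_to_crack(weak, COMMON))
```

The ratio printed is the whole argument of "Slower is Better": each guess costs the attacker thousands of times more. The second line is "Complexity Still Matters": a password that is the second entry in the wordlist costs two guesses no matter how slow the hash is.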
Slide 29
Slide 29 text
Quick Recap
Slide 30
Slide 30 text
Next Up
Storage
Slide 31
Slide 31 text
?
Slide 33
Slide 33 text
Tips for Mitigating DB Attacks
Slide 34
Slide 34 text
Distributed Hash
Slide 35
Slide 35 text
Encrypting Hashes
Slide 36
Slide 36 text
Rotating Keys
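The "Encrypting Hashes" and "Rotating Keys" slides as code. This is an added example, not the deck's or Stormpath's implementation: the stored password hash is encrypted under a server-side key that never lives in the database, each record carries the id of the key it was encrypted with, and rotation re-encrypts a record under a new key without needing the user's password. To keep the block standard-library only, the cipher is a stand-in built from HMAC-SHA256 (a counter-mode keystream followed by a MAC over key id, nonce and ciphertext); in production use AES-GCM from a maintained library. The key ring, key ids and record format are assumptions.

```python
import hashlib
import hmac
import os

# Added example (not from the Stormpath deck). Encrypt the hash column under
# a key held outside the database, and support rotating that key. The cipher
# below is an HMAC-SHA256 based stand-in so the example needs no third-party
# library; use AES-GCM in real code. Key ring and key ids are assumptions.

# Constructed keys; in practice these come from a KMS/HSM, never from the DB.
KEYRING = {"k1": os.urandom(32), "k2": os.urandom(32)}
CURRENT_KEY_ID = "k1"


def _subkeys(key: bytes) -> tuple:
    """Derive separate encryption and MAC keys from one ring key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: HMAC(key, nonce || counter) blocks, truncated."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_hash(password_hash: bytes, key_id: str = CURRENT_KEY_ID) -> str:
    """Returns 'key_id$nonce$ciphertext$tag'; the key id makes rotation traceable."""
    enc_key, mac_key = _subkeys(KEYRING[key_id])
    nonce = os.urandom(16)
    stream = _keystream(enc_key, nonce, len(password_hash))
    ct = bytes(a ^ b for a, b in zip(password_hash, stream))
    tag = hmac.new(mac_key, key_id.encode() + nonce + ct, hashlib.sha256).digest()
    return "$".join([key_id, nonce.hex(), ct.hex(), tag.hex()])


def decrypt_hash(stored: str) -> bytes:
    """Verify the tag first (encrypt-then-MAC), then strip the keystream."""
    key_id, nonce_hex, ct_hex, tag_hex = stored.split("$")
    enc_key, mac_key = _subkeys(KEYRING[key_id])
    nonce, ct = bytes.fromhex(nonce_hex), bytes.fromhex(ct_hex)
    expected = hmac.new(mac_key, key_id.encode() + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bytes.fromhex(tag_hex)):
        raise ValueError("ciphertext tampered with or wrong key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def key_id_of(stored: str) -> str:
    return stored.split("$", 1)[0]


def rotate(stored: str, new_key_id: str) -> str:
    """Re-encrypt under a new key. No password needed, so a batch job can do it."""
    return encrypt_hash(decrypt_hash(stored), new_key_id)


def needs_rotation(stored: str) -> bool:
    return key_id_of(stored) != CURRENT_KEY_ID


if __name__ == "__main__":
    # The password hash itself (e.g. scrypt output) is opaque bytes here.
    password_hash = os.urandom(32)
    stored = encrypt_hash(password_hash)
    rotated = rotate(stored, "k2")
    print("stored under", key_id_of(stored), "-> rotated to", key_id_of(rotated))
    print("round trip ok:", decrypt_hash(rotated) == password_hash)
```

With the hash encrypted, a dumped users table is useless until the attacker also obtains the key from the application host, which is why "lock your server(s) down" and "prevent human access" appear in the summary next to "encrypt output". Once rotation is possible, retire old key ids by re-encrypting every record that `needs_rotation` reports and then deleting the old key from the ring.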
Slide 37
Slide 37 text
Summary
● Use bcrypt (or scrypt, if you live on the edge).
● Lock your server(s) down.
● Encrypt output if necessary.
● Prevent human access.
Slide 38
Slide 38 text
Security is Hard, We can Help
Slide 39
Slide 39 text
Flask-Stormpath
Slide 40
Slide 40 text
So...
● Don’t store passwords in plain text!
● Check out Flask-Stormpath on Github: https://github.com/stormpath/stormpath-flask
● If you liked this presentation, tweet us! @gostormpath