Can anyone share best practices for implementing salting in hash functions?

Security & GRC Security Strategy & Roadmap

385 views2 Comments

Sort by:

Chief Evangelist in IT Services2 years ago

Is this for password storage? Most organization I've worked with simply adopt a modern hashing algorithm such as outlined here that automatically salts the passwords.

https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#password-hashing-algorithms

Chief Information Security Officer in Healthcare and Biotech2 years ago

Adding few steps for your support -

1. Create an unrepeated salts for each and every applications or services.
2. Combine the salt with a strong alphanumeric password
3. Always have strong and long hash algo
4. Implement multiple iterations
5. Enforced to update the salt and hash after a periodic internal (have the internal as short as possible )
6. Secure store of salt and Hash.

Content you might like

How Long Does Your Organization Retain Original Systems Logs Used to Filter SOX-related Actions Into A System That Requires Review of the Logs and Retains the Filtered Logs for Seven Years?

A. 90 Days
B. 365 Days
C. 3 years
D. 5 years
E. 7 years
F. Other

Does your organization consider those original system logs records subject to record retention requirements, or supporting information used to create the SOX records?

Thank you so much for sharing.

The use of Generative AI in the textile and industrial sectors — for instance in fashion companies or in the creation of marketing content — carries significant risks if not supported by adequate detection and risk management tools. Generative models may unintentionally incorporate elements protected by intellectual property rights, such as registered styles, patented designs, or content belonging to other fashion houses.

A notable example is the “Studio Ghibli” case, where AI-generated works reproduced distinctive, protected features.

In this context, how should Risk Managers equip themselves to prevent and mitigate such risks, ensuring innovation while avoiding legal violations and reputational damage?

What cyber security metrics are CISOs of listed companies reporting to the audit committee of the supervisory board?

If you have a smart TV, are you personally concerned about its listening capabilities (with regards to the potential privacy risks)?

Yes87%

No12%

On average, how many phishing messages do you receive per week? (Includes email, SMS, voicemails, etc.)

0-111%

2-565%

6-1015%

11 or more7%

View Results

Can anyone share best practices for implementing salting in hash functions?

Sort by:

Content you might like

What cyber security metrics are CISOs of listed companies reporting to the audit committee of the supervisory board?

If you have a smart TV, are you personally concerned about its listening capabilities (with regards to the potential privacy risks)?

On average, how many phishing messages do you receive per week? (Includes email, SMS, voicemails, etc.)

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go