CheatSheetSeries icon indicating copy to clipboard operation
CheatSheetSeries copied to clipboard
verified publisher icon OWASP

Update: Password_Storage_Cheat_Sheet

Open Sc00bz opened this issue 4 months ago • 3 comments

What is missing or needs to be updated?

https://github.com/OWASP/CheatSheetSeries/blob/9f9424ae0237ae3f21ab24e8ea98c9ef243bb01d/cheatsheets/Password_Storage_Cheat_Sheet.md?plain=1#L118

the minimum CPU/memory cost parameter (N), the blocksize (r) and the degree of parallelism (p)

This should be changed to either:

"the minimum CPU/memory cost parameter (N), the blocksize (r) and the CPU cost/parallelism (p)"

or

"the minimum memory cost parameter (N), the blocksize (r) and the degree of parallelism (p)"

Since computational cost are proportional to both N and p. So either add "CPU" to p or remove it from N. There's likely a better way to word "the CPU cost/parallelism (p)".

https://github.com/OWASP/CheatSheetSeries/blob/9f9424ae0237ae3f21ab24e8ea98c9ef243bb01d/cheatsheets/Password_Storage_Cheat_Sheet.md?plain=1#L126

provide an equal level of defense

Maybe change to "provide a minimal level of defense" or maybe "provide a similar minimal level of defense", but I feel "similar" is redundant.

Sc00bz avatar Aug 06 '25 02:08 Sc00bz

Steve, I trust your instinct here. Would you like me to take this on or would you like to submit a PR?

jmanico avatar Aug 06 '25 08:08 jmanico

Hi @Sc00bz, I’d like to work on this issue. I’ve reviewed the section in Password_Storage_Cheat_Sheet.md and understand the wording changes needed for (N), (r), and (p). Could you please assign me so I can submit a PR?

Thanks!

Prasad-JB avatar Aug 12 '25 06:08 Prasad-JB

Hi @Sc00bz, I’d like to work on this issue. I’ve reviewed the section in Password_Storage_Cheat_Sheet.md and understand the wording changes needed for (N), (r), and (p). Could you please assign me so I can submit a PR?

Done!

jmanico avatar Aug 12 '25 09:08 jmanico