
Password storage disclosures - nailer
https://pulse.michalspacek.cz/passwords/storages
======
0xmohit
Nobody seems to be using Argon2 [0].

Argon2 was the winner of the Password Hashing Competition [1].

[0] [https://en.wikipedia.org/wiki/Argon2](https://en.wikipedia.org/wiki/Argon2)

[1] [http://password-hashing.net/#phc](http://password-hashing.net/#phc)

------
nailer
It's essentially a grading system based on:

a) how well passwords are stored - i.e. hashing algos and options, with
plaintext as a fail

b) how well the company communicates the policy - a publicly available
password storage policy is required for an 'A'

