Can anyone share best practices for implementing salting in hash functions?

Security & GRCData Protection & EncryptionSecurity Strategy & Roadmap+1 more
355 views2 Comments
Sort By:
Oldest
Chief Information Security Officer in Healthcare and Biotecha year ago
Adding few steps for your support -  

1. Create an unrepeated salts for each and every applications or services.
2. Combine the salt with a strong alphanumeric password
3. Always have strong and long hash algo
4. Implement multiple iterations
5. Enforced to update the salt and hash after a periodic internal (have the internal as short as possible )
6. Secure store of salt and Hash.
lock icon

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

  • Peer Discussions and Polls
  • One-Minute Insights
  • Connect with like-minded individuals
Chief Evangelist in IT Servicesa year ago
Is this for password storage? Most organization I've worked with simply adopt a modern hashing algorithm such as outlined here that automatically salts the passwords.

https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#password-hashing-algorithms

Content you might like

In the past 6 months, have you seen an uptick in targeted cyberattacks on telehealth devices and networks?

Security & GRCNetworkThreat & Vulnerability Management+2 more

No Increase16%

1-5% increase47%

6-25% increase24%

26-50% increase6%

51-75% increase1%

76%+1%

Other2%

View Results
1.7k views1 Upvote

We are a large manufacturing company with over 17,000 associates, about half of whom have company-provided cell phones. We average two lost devices per week, which seems low, but executive management is concerned and wants to know if our numbers are typical compared to other companies. My questions are: 1. Do other companies also struggle with lost or stolen devices? 2. What is the average number of lost devices per week? 3. Are there repercussions for associates who lose devices due to carelessness or negligence?

Mobile Device Management (MDM)Mobile DevicesSecurity+2 more
VP of IT in Retail3 days ago
My previous organization implemented a strict one-strike policy for lost or damaged devices. While the first incident was considered an accident, repeat offenders were required to reimburse the company for the lost or damaged ...read more
82 views1 Comment

For a medium to large enterprise, we are reviewing options for phishing simulation tools to enhance our security awareness program. Could you share any recommendations or experiences with specific tools that have worked well in your organisations?

SecuritySecurity Strategy & RoadmapAwareness & Training
Information Security Analyst in Manufacturing6 days ago
I have experience with a couple of different phishing simulation solutions, from the earlier Wombat phishing simulation platform (now Proofpoint ThreatSim) to KnowBe4.  Wombat was always a good solution, but I haven't used ...read more
1 Reply
314 views2 Comments

Do you have any dedicated resources for vulnerability patching?

Threat & Vulnerability ManagementSecurity Strategy & RoadmapTeam & Organizational Design

Yes - one person46%

Yes - multiple people46%

No7%

View Results
3.1k views

Any recommendations for a comprehensive GenAI learning platform?

EngineeringData & AnalyticsSecurity Strategy & Roadmap+4 more
IT Manager in Constructiona month ago
Hello,
the topic is so broad, what are you focused on?
Read More Comments
4.8k views2 Upvotes5 Comments