V2.4 — Credential Storage
Credential Storage: 5 L3 requirement(s).

- V2.4.1: Verify that passwords are stored in a form that is resistant to offline attacks. Passwords SHALL be salted and hashed us...
- V2.4.2: Verify that the salt is at least 32 bits in length and be chosen arbitrarily to minimize salt value collisions among sto...
- V2.4.3: Verify that if PBKDF2 is used, the iteration count SHOULD be as large as verification server performance will allow, typ...

... and 2 more.

| Property | Value |
|---|---|
| Section | V2.4 |
| Owner | platform |

Mapped Controls

| Control | Title |
|---|---|
| SID-ARCH-01 | Platform Architecture Non-Applicability Register |

Source: OWASP Application Security Verification Standard 4.0.3