V2.6 — Look-up Secret Verifier
Look-up Secret Verifier: 3 L3 requirement(s). V2.6.1: Verify that lookup secrets can be used only once. V2.6.2: Verify that lookup secrets have sufficient randomness (112 bits of entropy), or if less than 112 bits of entropy, salted... V2.6.3: Verify that lookup secrets are resistant to offline attacks, such as predictable values.
| Property | Value |
|---|---|
| Section | V2.6 |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-ARCH-01 | Platform Architecture Non-Applicability Register |
Source: OWASP Application Security Verification Standard 4.0.3