2.4.1 TODOΒΆ
Verify that passwords are stored in a form that is resistant to offline attacks. Passwords SHALL be salted and hashed using an approved one-way key derivation or password hashing function. Key derivation and password hashing functions take a password, a salt, and a cost factor as inputs when generating a password hash. (C6)
| Level 1 | |
| Level 2 | X |
| Level 3 | X |
| CWE | NIST |
|---|---|
| 916 | 5.1.1.2 |