ASVS Requirement 6.5.2

• Level: 2
• Chapter: V6 Authentication
• Section: V6.5 General Multi-factor authentication requirements
• Source: 0x15-V6-Authentication.md

Description

Verify that, when being stored in the application's backend, lookup secrets with less than 112 bits of entropy (19 random alphanumeric characters or 34 random digits) are hashed with an approved password storage hashing algorithm that incorporates a 32-bit random salt. A standard hash function can be used if the secret has 112 bits of entropy or more.