Skip to main content

Best practices for password hashing and storage

Document Type Expired Internet-Draft (kitten WG)
Expired & archived
Author Sam Whited
Last updated 2022-03-31 (Latest revision 2021-09-27)
Replaces draft-whited-kitten-password-storage
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Additional resources Mailing list discussion
Stream WG state WG Document
Associated WG milestone
Nov 2022
Submit "Best practices for password hashing and storage" to IESG
Document shepherd (None)
IESG IESG state Expired
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document outlines best practices for handling user passwords and other authenticator secrets in client-server systems making use of SASL.


Sam Whited

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)