Best practices for password hashing and storage

Document Type Replaced Internet-Draft (kitten WG)
Author Sam Whited 
Last updated 2020-05-19 (latest revision 2020-05-12)
Replaced by draft-ietf-kitten-password-storage
Stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Expired & archived
plain text html xml pdf htmlized bibtex
Additional Resources
- Issuer Tracker
- Other Repository
- Mailing list discussion
Stream WG state Adopted by a WG
Document shepherd No shepherd assigned
IESG IESG state Replaced by draft-ietf-kitten-password-storage
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document outlines best practices for handling user passwords and other authenticator secrets in client-server systems making use of SASL.


Sam Whited (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)