Increase Salt randomness #18179
Merged
Commits on Jan 4, 2022
- The current implementation of `RandomString` doesn't give you a most-possible unique randomness. It gives you 6*`length` instead of the possible 8*`length` bits (or as `length`x bytes) randomness. This is because `RandomString` is being limited to a max value of 63, this in order to represent the random byte as a letter/digit.
- The recommendation of pbkdf2 is to use 64+ bit salt, which the `RandomString` doesn't give with a length of 10. Instead of increasing 10 to a higher number, this patch adds a new function called `RandomBytes` which does give you the guarantee of 8*`length` randomness and thus corresponding of `length`x bytes randomness.
- Use hexadecimal to store the bytes value in the database, as mentioned, it doesn't play nice in order to convert it to a string. This will always be a length of 32 (with `length` being 16).
Gusted committed Jan 4, 2022 (6f1bb3e)
Gusted committed Jan 4, 2022 (b00a4ba)
- When we detect on `Authenticate` (source: db) that a user has the old format of salt, re-hash the password such that the user will have its password hashed with increased salt.
Gusted committed Jan 4, 2022 (4ac0c4b)
Reword comment in `hashPassword`
Gusted committed Jan 4, 2022 (8076dba)
Gusted committed Jan 4, 2022 (0fd2657)
Gusted committed Jan 4, 2022 (359ac9e)
Gusted committed Jan 4, 2022 (491309d)
Commit dcdc72d
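
The salt format change and the re-hash on `Authenticate` described in the commit messages above, as an added Go example that is not the project's code. `User`, `NewSalt`, `IsOldSalt`, `HashPassword` and the sample salt are hypothetical or constructed, and `HashPassword` is a single HMAC-SHA256 stand-in for the real pbkdf2 call so the block needs only the standard library.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

type User struct{ Salt, Hash string } // hypothetical record, not the project's model

// NewSalt returns 16 CSPRNG bytes (128 bits), hex-encoded to 32 characters.
func NewSalt() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// IsOldSalt reports whether a stored salt is not in the 32-hex-character format.
func IsOldSalt(s string) bool {
	_, err := hex.DecodeString(s)
	return len(s) != 32 || err != nil
}

// HashPassword is a stand-in (one HMAC-SHA256) for the real KDF call such as pbkdf2.
func HashPassword(pw, salt string) string {
	mac := hmac.New(sha256.New, []byte(salt))
	mac.Write([]byte(pw))
	return hex.EncodeToString(mac.Sum(nil))
}

// Authenticate verifies pw; only on success is an old-format salt replaced and pw re-hashed.
func Authenticate(u *User, pw string) bool {
	ok := hmac.Equal([]byte(HashPassword(pw, u.Salt)), []byte(u.Hash))
	if ok && IsOldSalt(u.Salt) {
		u.Salt = NewSalt()
		u.Hash = HashPassword(pw, u.Salt)
	}
	return ok
}

func main() {
	u := &User{Salt: "aB3dE5gH7j"} // constructed 10-character old-style salt
	u.Hash = HashPassword("correct horse", u.Salt)
	fmt.Println(Authenticate(u, "correct horse"), len(u.Salt)) // true 32
}
```

The upgrade can only happen at login because that is the one point where the plaintext password is available to hash again with the new salt.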