argon2id Password Hashing #170

Merged: 6 commits, Dec 10, 2023
wongaid (Contributor) commented Dec 9, 2023

Decouple bcrypt.

Shift hashing flows from bcrypt to argon2 - "id" format. Works in strings or bytes, making readability easier and less messing around with string encoding and DB compatibility etc.

Updated requirements.txt, and added new argon hashes to test user database. No new records required. Continue to use same passwords for testing.

- Added argon module to requirements, commented bcrypt out
- Added argon hashing to login
- Added argon hashing to register

With amended hashes, operational behaviour should just be plug and play.

Tested successfully with all 5 Basiq Test personas

Actually easier, better and more secure than bcrypt :)

wongaid requested a review from SDzartov December 9, 2023 14:02

wongaid (Contributor, Author) commented Dec 9, 2023

audit.txt conflict resolved

wongaid and others added 3 commits December 10, 2023 01:12
Removed log and debug points

Removed `hashed`, returned to pre-pull state that overwrites `input_password`. Avoids leaving the password exposed in plaintext in mem.

SDzartov merged commit ba62bbd into develop Dec 10, 2023

SDzartov deleted the feature_FLASK_argon2id_hashing branch December 10, 2023 03:18
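
A post-migration check for the change discussed in this pull request, added here as an example and not part of the PR or the project's code: it classifies each stored hash as bcrypt or Argon2 from its encoded string and flags anything that is not argon2id at or above a cost floor. The floor values, usernames and sample hashes are assumptions constructed for illustration.

```python
import base64
import re

# Assumed policy floor, set to your own baseline: memory (KiB), passes, lanes.
MIN_PARAMS = {"m": 19456, "t": 2, "p": 1}
_BCRYPT = re.compile(r"^\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}$")
_ARGON2 = re.compile(r"^\$(argon2(?:id|i|d))\$(?:v=(\d+)\$)?m=(\d+),t=(\d+),p=(\d+)"
                     r"\$([A-Za-z0-9+/]+)\$([A-Za-z0-9+/]+)$")


def classify(stored):
    """Return (scheme, problems) for one stored hash given as str or bytes."""
    if isinstance(stored, bytes):
        stored = stored.decode("ascii", "replace")
    if _BCRYPT.match(stored):
        return "bcrypt", ["legacy bcrypt hash, not migrated"]
    match = _ARGON2.match(stored)
    if not match:
        return "unknown", ["not a recognised bcrypt or Argon2 string"]
    variant, version, *costs, _salt, _digest = match.groups()
    problems = []
    if variant != "argon2id":
        problems.append(f"variant is {variant}, expected argon2id")
    if version != "19":
        problems.append("version field is not 19 (Argon2 v1.3)")
    for key, value in zip("mtp", costs):
        if int(value) < MIN_PARAMS[key]:
            problems.append(f"{key}={value} below floor {MIN_PARAMS[key]}")
    return variant, problems


def audit(rows):
    """Map username -> problems for each (username, stored_hash) that fails."""
    checked = ((user, classify(stored)[1]) for user, stored in rows)
    return {user: problems for user, problems in checked if problems}


def _phc(variant, m, t, p):
    """Build a constructed Argon2 PHC string (dummy salt and digest bytes)."""
    enc = lambda raw: base64.b64encode(raw).decode().rstrip("=")
    return f"${variant}$v=19$m={m},t={t},p={p}${enc(b'S' * 16)}${enc(b'H' * 32)}"

# Constructed records with hypothetical usernames; none are real hashes.
SAMPLE_ROWS = [
    ("persona1", _phc("argon2id", 65536, 3, 4)),
    ("persona2", "$2b$12$" + "a" * 53),
    ("persona3", _phc("argon2i", 65536, 3, 4)),
    ("persona4", _phc("argon2id", 8192, 1, 1).encode()),
]
```

Calling `audit(SAMPLE_ROWS)` returns only the records that need attention, so an empty dict over the real user table means every row is argon2id at or above the floor.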