Add salting to user passwords #61

Open
soryy708 opened this issue Dec 3, 2018 · 1 comment
Labels
feature Makes something new work, or changes existing behaviour

Comments

soryy708 commented Dec 3, 2018

We're using industry best practices for storing user passwords.
We're storing a SHA-256 hash of the password, which is by design a one-way function. There's no sane way to get a user's password from its hash.

For extra security, though optional, we can add a salt to the password to make the resulting hash different even though originally passwords are similar. This adds an extra bit of security.

soryy708 commented Dec 3, 2018

Most of the work should be limited to just user container and user.
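
Added example, not part of the issue or the project's code: a Python sketch of the change requested above, showing the unsalted SHA-256 scheme next to a per-user salted one, plus an upgrade of existing unsalted records at login. The record layout (`salt` and `hash` fields), the 16-byte salt length and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SALT_BYTES = 16  # assumed salt length; the issue does not specify one


def unsalted_hash(password: str) -> str:
    """Scheme described in the issue: plain SHA-256 of the password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def _salted_hash(salt: bytes, password: str) -> str:
    # Single-pass SHA-256 is kept because that is what the issue describes;
    # a slow KDF (hashlib.pbkdf2_hmac, hashlib.scrypt) would take the same salt.
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


def new_record(password: str) -> dict:
    """Fields a user record would store (hypothetical layout):
    a fresh random salt per user and the hash of salt || password."""
    salt = secrets.token_bytes(SALT_BYTES)
    return {"salt": salt.hex(), "hash": _salted_hash(salt, password)}


def verify(record: dict, candidate: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    actual = _salted_hash(bytes.fromhex(record["salt"]), candidate)
    return hmac.compare_digest(record["hash"], actual)


def migrate_on_login(legacy_hash: str, password: str):
    """Existing users only have an unsalted hash, and the password cannot be
    recovered from it, so the record is upgraded when the user next logs in.
    Returns the new salted record, or None if the password is wrong."""
    if hmac.compare_digest(legacy_hash, unsalted_hash(password)):
        return new_record(password)
    return None


if __name__ == "__main__":
    pw = "correct horse"  # constructed sample password
    print("unsalted, same password twice:", unsalted_hash(pw) == unsalted_hash(pw))
    a, b = new_record(pw), new_record(pw)
    print("salted, same password twice:  ", a["hash"] == b["hash"])
    print("verify ok / wrong:", verify(a, pw), verify(a, "wrong"))
```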
