Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement better password hashing #441

Closed
aguacongas opened this issue Apr 28, 2021 · 2 comments
Closed

Implement better password hashing #441

aguacongas opened this issue Apr 28, 2021 · 2 comments
Labels
enhancement New feature or request
Projects
TheIdServer

Comments

@aguacongas
Copy link
Member

aguacongas commented Apr 28, 2021
edited

Follow this article https://www.scottbrady91.com/aspnet-identity/improving-the-aspnet-core-identity-password-hasher
@aguacongas aguacongas created this issue from a note in TheIdServer (To do) Apr 28, 2021
@aguacongas aguacongas added the enhancement New feature or request label Apr 28, 2021
@Shaptorshi
Copy link

Better Password Hashing

using bcrypt extension, we can make the password hashing better as given below:

const inputPassword = req.body.password
const salt = await bcrypt.genSalt(10)
let securedPassword = await bcrypt.hash(inputPassword, salt)

This leads to a high security of hidding the password by strong hashing of scrambled letters and numerics.
The genSalt is the cost of processing data whose default value is 10

@aguacongas
Copy link
Member Author

aguacongas commented Sep 5, 2023
edited

Hi, thx to contribute.
The goal here is also to offer a way to choose the hash algorithm (Bcrypt, Argon2, Scrypt or PBKDF2). and to have a password migration.

aguacongas pushed a commit that referenced this issue Nov 5, 2023
feat: argon 2 password hasher
ae23dc0 
#441
@aguacongas aguacongas mentioned this issue Nov 10, 2023
Merged
aguacongas pushed a commit that referenced this issue Nov 10, 2023
feat: bcrypt password hasher
76cda86 
#441
@aguacongas aguacongas mentioned this issue Nov 10, 2023
Merged
aguacongas pushed a commit that referenced this issue Nov 12, 2023
feat: upgrade password hash
42b9352 
#441
@aguacongas aguacongas mentioned this issue Nov 12, 2023
Merged
aguacongas pushed a commit that referenced this issue Nov 12, 2023
feat: password migration
acf59be 
#441
@aguacongas aguacongas mentioned this issue Nov 12, 2023
Merged
aguacongas pushed a commit that referenced this issue Nov 12, 2023
build: exclude files to publish dir
8c40f8e 
#441
TheIdServer automation moved this from To do to Done Nov 15, 2023
aguacongas pushed a commit that referenced this issue Mar 9, 2024
@semantic-release-bot
chore(release): 8.0.0
b57cd1a 
# [8.0.0](7.4.6...8.0.0) (2024-03-09)

### Bug Fixes

* check dependencies whem latest not found ([2e7def4](2e7def4))
* middleware pipeline ([c5c04d3](c5c04d3))
* oidc configuration serialization ([8cdd617](8cdd617))
* return null when entity is null ([c380b41](c380b41)), closes [#1188](#1188)
* update packages ([5318170](5318170))
* update packages ([61dbc3e](61dbc3e))
* update packages ([32fa2d7](32fa2d7))
* update packages ([ac318d1](ac318d1))
* update packages ([19e4256](19e4256))
* update packages ([d850684](d850684))
* update packages ([48dbd44](48dbd44))
* update packages ([1e304d0](1e304d0))
* update packages ([4dacc38](4dacc38))
* update packages ([6edadb5](6edadb5))
* update packages ([ea92009](ea92009))
* update packages ([d7530bb](d7530bb))
* update packages ([a6bbb89](a6bbb89))
* update packages ([288711a](288711a))
* update packages ([c60bc5d](c60bc5d))
* update packages ([319e46c](319e46c))
* update packages ([e6da0ba](e6da0ba))
* update packages ([15188e6](15188e6))
* update packages ([ea52768](ea52768))
* update packages ([22d7859](22d7859))
* update packages ([76ac141](76ac141))
* update packages ([5969385](5969385))
* update packages ([d76c3e9](d76c3e9))
* update packages ([02db302](02db302))
* update packages ([39a4a6f](39a4a6f))
* update packages ([0a917a0](0a917a0))
* update packages ([4c0aac9](4c0aac9))
* update packages ([e82be27](e82be27))
* update packages ([c9476b0](c9476b0))
* update packages ([83be04f](83be04f))
* update packages ([54f46d8](54f46d8))
* update packages ([943dfe7](943dfe7))
* update packages ([ed3e0da](ed3e0da))
* update packages ([bd1880c](bd1880c))
* update packages ([f583676](f583676))
* update packages ([19af2a5](19af2a5))
* update packages ([837b340](837b340))
* update packages ([733f334](733f334))
* update packages ([2343523](2343523))
* update packages ([179de45](179de45))
* update packages ([fb93717](fb93717))
* update packages ([59028a9](59028a9))
* update packages ([70bb8ab](70bb8ab))
* update packages ([1f64bbf](1f64bbf))
* update packages ([8da3b40](8da3b40))
* update packages ([024f4a7](024f4a7))
* update packages ([1a0753e](1a0753e))
* update packages ([3f607f6](3f607f6))
* update packages ([1fa6a62](1fa6a62))
* update packages ([597210c](597210c))
* update packages ([df68d4f](df68d4f))
* update packages ([5e2d73e](5e2d73e))
* update packages ([887cb4d](887cb4d))
* update packages ([2f110e2](2f110e2))
* update packages ([df057a2](df057a2))
* update packages ([67bc810](67bc810))
* update packages ([37d2bb9](37d2bb9))
* update packages ([8c036ae](8c036ae))
* update packages ([386f684](386f684))
* update packages ([0c36cac](0c36cac))
* update packages ([ef8891b](ef8891b))
* update packages ([3e3c89a](3e3c89a))
* update packages ([25978ce](25978ce))
* update packages ([c2b1b9e](c2b1b9e))

### Build System

* .net 8 rc1 ([1568bcc](1568bcc))
* bump sdk & dependencies to .Net 8 RC2 ([21d6c17](21d6c17))
* remove deprecated opentelemetry pacakegs ([99bee99](99bee99))

* 8.0.0 preview (#1136) (#1138) ([6974107](6974107)), closes [#1136](#1136) [#1138](#1138)
* 8.0.0 preview (#1136) ([ef09208](ef09208)), closes [#1136](#1136)

### Features

* argon 2 password hasher ([ae23dc0](ae23dc0)), closes [#441](#441)
* bcrypt password hasher ([76cda86](76cda86)), closes [#441](#441)
* dynamic client registration with par ([8875cca](8875cca))
* password migration ([acf59be](acf59be)), closes [#441](#441)
* push authorization request configuration ([e910664](e910664))
* push autorization request ([bdedc2a](bdedc2a))
* scrypt password hasher ([cb26092](cb26092))
* scrypt password hasher ([b1b8063](b1b8063))
* upgrade password hash ([42b9352](42b9352)), closes [#441](#441)

### BREAKING CHANGES

* Jaeger configuration removed
* .Net 8
* .Net 8
* .Net 8 RC2
* .Net 8 RC1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
TheIdServer
  
Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aguacongas @Shaptorshi