Skip to content

fix #412 #413

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Dec 27, 2019
Merged

fix #412 #413

merged 2 commits into from
Dec 27, 2019

Conversation

mymindstorm
Copy link
Member

No description provided.

@mymindstorm mymindstorm requested a review from Sneezry December 24, 2019 19:12
Sneezry
Sneezry reviewed Dec 24, 2019
View reviewed changes
Sneezry
Sneezry reviewed Dec 25, 2019
View reviewed changes
@mymindstorm mymindstorm merged commit bd6ed29 into argon2 Dec 27, 2019
@mymindstorm mymindstorm deleted the storage-sec-fix branch December 27, 2019 16:53
mymindstorm added a commit that referenced this pull request Jan 28, 2020
@mymindstorm
Argon2 + encryption changes (#395)
2ed002e 
* add argon2-browser dependency

* wrapper argon2-browser

* argon2 for new accounts and imports

* forgot an await

* migrate

* fix performance issue

* update argon2 and types

* - remove the need for encryption where it wasn't needed

- Optimize adding & deleting (using state instead of reloading and checking the hash again)

- Use 16 KiB memory + Argon2di

* don't animate password prompt

* hash mem 16 KiB => 8 KiB

11 entries takes about 500ms with 16KiB, 8 KiB takes about 300ms

* fix password change not working

empty backup with no password fix

* no cookie again. developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#Session_cookies

* migrate to key based system

* add hash

* fix bug

* entry hash -> uuid

* password hash check + warning

* add key to backup

* update argon2-browser

up the hasing memory to 16

* remove argon.hash

* Sandbox argon2 in Chrome

Chrome does not allow webassembly without adding 'unsafe-eval' to CSP.

* - show pass if  key in storage
- change password

* import

* fix #412 (#413)

* fix #412

* review fixes

* Fix #414 (#419)

* remove validity checks in getDecryptedSecret

* add length check to manual add account page

* Revert "remove validity checks in getDecryptedSecret"

This reverts commit a396de3.

* Update webpack.config.js

* fix type error
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Sneezry Sneezry Sneezry approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mymindstorm @Sneezry