Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Migrate to ASP.NET Core Identity IPasswordHasher #454

Closed
HeyJoel opened this issue Jul 1, 2021 · 0 comments
Closed

Migrate to ASP.NET Core Identity IPasswordHasher #454

HeyJoel opened this issue Jul 1, 2021 · 0 comments
Labels
enhancement
Milestone
0.10

Comments

@HeyJoel
Copy link
Member

HeyJoel commented Jul 1, 2021

Cofoundry currently supports upgradeable password hashing algorithms, which is a system put in place prior to migrating to .NET Core. Now that .NET Core Identity also supports upgradeable and improved algorithms we should move to use their IPasswordHasher implementation so we can keep parity with the Identity system and defer security decisions to their experts. This will also improve any migration of user accounts to and from Cofoundry.

Current algorithm used by Cofoundry: PBKDF2 with HMAC-SHA1, 192-bit salt, 64000 iterations
Current alorithm used by Identity: PBKDF2 with HMAC-SHA256, 128-bit salt, 256-bit subkey, 10000 iterations
@HeyJoel HeyJoel added this to the 0.10 milestone Jul 1, 2021
@HeyJoel HeyJoel closed this as completed in 7cb1e74 Jul 1, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
0.10
Development

No branches or pull requests
1 participant
@HeyJoel