bcrypt is hardcoded #146

Closed
daffl opened this Issue Mar 31, 2016 · 4 comments

daffl commented Mar 31, 2016

There does not seem to be a way to change your hashing strategy except for passing your own bcrypt API compatible object at https://github.com/feathersjs/feathers-authentication/blob/master/src/services/local/index.js#L43.

ekryski commented Mar 31, 2016

I think we are still good here. As long as you provide a module that has a compare function with the same interface and returns the same callback args you should be able to use whatever hashing mechanism you want.

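```js
// your hashing module
export default {
  // Same interface as bcrypt.compare: callback(error, result),
  // where result is true when plaintext matches hashedPassword.
  compare: function(plaintext, hashedPassword, callback) {
    // do your hashing

    callback(error, result);
  }
}

// auth config
app.configure(authentication({
  bcrypt: myHashingModule
}))
```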

The other part is just writing your own hashPassword hook.
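A fuller version of the module sketched in the comment above, as an added example that is not part of the original thread or the project's code. It assumes Node's built-in `crypto.scrypt` as the replacement algorithm (picked only because it ships with Node); the `scrypt$<salt>$<key>` storage format and the `hash` helper for a custom hashPassword hook are hypothetical.

```javascript
// Added example: a module exposing a bcrypt-style compare(plaintext, hash, cb).
// Assumption: hashes are stored as "scrypt$<salt hex>$<derived key hex>".
const nodeCrypto = require('crypto');

const KEY_LEN = 64; // bytes of derived key

// What a custom hashPassword hook would call before saving the user record.
function hash(plaintext, callback) {
  const salt = nodeCrypto.randomBytes(16);
  nodeCrypto.scrypt(plaintext, salt, KEY_LEN, (err, key) => {
    if (err) return callback(err);
    callback(null, `scrypt$${salt.toString('hex')}$${key.toString('hex')}`);
  });
}

// Same callback arguments as bcrypt.compare: callback(error, isMatch).
function compare(plaintext, hashedPassword, callback) {
  const parts = String(hashedPassword).split('$');
  // A malformed or foreign-format hash (e.g. a leftover bcrypt hash)
  // is reported as a non-match rather than an exception.
  if (parts.length !== 3 || parts[0] !== 'scrypt') {
    return process.nextTick(callback, null, false);
  }
  const salt = Buffer.from(parts[1], 'hex');
  const expected = Buffer.from(parts[2], 'hex');
  if (salt.length === 0 || expected.length !== KEY_LEN) {
    return process.nextTick(callback, null, false);
  }
  nodeCrypto.scrypt(plaintext, salt, KEY_LEN, (err, key) => {
    if (err) return callback(err);
    // Constant-time comparison; both buffers are KEY_LEN bytes at this point.
    callback(null, nodeCrypto.timingSafeEqual(key, expected));
  });
}

const myHashingModule = { hash, compare };
// Passed in as shown in the comment above:
// app.configure(authentication({ bcrypt: myHashingModule }));
```

Records hashed with bcrypt before such a switch fail the format check and compare as non-matching, so a migration has to rehash or keep a bcrypt fallback for them.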

ekryski commented Mar 31, 2016

The only thing we might want to do to make it more clear that this is an option is move line 43 up to here.

marshallswain commented Mar 31, 2016

Needs docs is all.

ekryski commented Apr 3, 2016

Personally, I'm not sure that I really want to encourage people to use a different hashing algorithm. There is a reason that almost everyone uses bcrypt. It's one of the most secure, if not the most secure, right now.

I could be wrong but I also don't think it's that common to want to use a different hashing algorithm. Only when migrating an app to Feathers and chances are most people are already using bcrypt.

I'm going to close this. We can open a new issue to document this if someone else requires it. We have so many other things to document right now.
