We chose to use plain SHA-256 hashes to ensure compatibility with Redis’s ACL rules. However, we are actively exploring improvements, such as introducing an optional syntax for salted hashes and potentially transitioning to a more compute-intensive KDF. While addressing this isn’t our top priority at the moment, we are aware of this issue and will address it in the future.
Makes sense. I also see you're adding in AAD support as well, which is probably the better long-term approach anyway. If and when you get to improving the hashing, feel free to reach out to me internally (stsyfuhs@ms) if you're inclined. My team owns Windows auth so we have an abundance of lessons learned around protocol auth.
Is this a function of the Redis protocol or is this an internal implementation detail?
garnet/libs/server/ACL/ACLPassword.cs
Lines 35 to 39 in 5675a98
If this is an implementation detail then this needs to be converted into something more time-consuming using a KDF plus salt.
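The difference between the Redis-compatible unsalted SHA-256 form and a salted KDF record, as an added C# example that is not Garnet's code and not part of the thread. The class name, the `pbkdf2-sha256$...` record layout, the choice of PBKDF2-SHA256 as the KDF and the iteration count are all assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper for illustration; not Garnet's ACLPassword class.
public static class AclPasswordHashing
{
    const int SaltBytes = 16, KeyBytes = 32;
    const int Iterations = 600_000; // assumed work factor; tune per deployment

    // Redis-compatible form: lowercase hex of one unsalted SHA-256 pass.
    public static string LegacyHash(string password) =>
        Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(password))).ToLowerInvariant();

    // Assumed record layout: pbkdf2-sha256$<iterations>$<salt hex>$<key hex>
    public static string SaltedHash(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        byte[] key = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, KeyBytes);
        return $"pbkdf2-sha256${Iterations}${Convert.ToHexString(salt)}${Convert.ToHexString(key)}";
    }

    // Accepts both forms so existing SHA-256 entries keep working during a migration.
    public static bool Verify(string password, string stored)
    {
        string[] p = stored.Split('$');
        if (p.Length == 1) // legacy unsalted entry
            return CryptographicOperations.FixedTimeEquals(FromHex(LegacyHash(password)), FromHex(stored));
        if (p.Length != 4 || p[0] != "pbkdf2-sha256" || !int.TryParse(p[1], out int iters) || iters <= 0)
            return false;
        byte[] key = Rfc2898DeriveBytes.Pbkdf2(password, FromHex(p[2]), iters, HashAlgorithmName.SHA256, KeyBytes);
        // A malformed or short stored key never equals the 32-byte derived key.
        return CryptographicOperations.FixedTimeEquals(key, FromHex(p[3]));
    }

    static byte[] FromHex(string s)
    {
        try { return Convert.FromHexString(s); }
        catch (FormatException) { return Array.Empty<byte>(); }
    }

    public static void Main()
    {
        const string pw = "constructed-sample-password"; // constructed sample input
        // Unsalted: identical passwords always map to the identical stored hash.
        Console.WriteLine(LegacyHash(pw) == LegacyHash(pw));
        // Salted: two records for the same password differ, yet both verify.
        string a = SaltedHash(pw), b = SaltedHash(pw);
        Console.WriteLine(a != b && Verify(pw, a) && Verify(pw, b));
        Console.WriteLine(Verify(pw, LegacyHash(pw)) && !Verify("wrong", a));
    }
}
```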