Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

hashing a password is not acceptable #1

Open
chase-moskal opened this issue Oct 1, 2017 · 0 comments
Open

hashing a password is not acceptable #1

chase-moskal opened this issue Oct 1, 2017 · 0 comments
Assignees
@chase-moskal
Labels
bug
Milestone
v0.6.0

Comments

@chase-moskal
Copy link
Member

chase-moskal commented Oct 1, 2017
edited
Loading

tom-md's reddit comment (#1):

Hashing a password is not an acceptable way to create a crypto key from a password. Use something like scrypt. Generate a random salt for the encrypt operation to use in scrypt and store it with the ciphertext (along with the IV, payload)

ehochx adds this in a reddit comment:

Don't hash the password, generate a random salt and use a proper KDF

RenThraysk adds this:

Password hashing, WebCrypto has PBKDF2 which is more suitable.
@chase-moskal chase-moskal self-assigned this Oct 1, 2017
@chase-moskal chase-moskal changed the title Hashing a password is not an acceptable hashing a password is not an acceptable Oct 1, 2017
@chase-moskal chase-moskal added this to the v0.6.0 milestone Oct 1, 2017
@chase-moskal chase-moskal changed the title hashing a password is not an acceptable hashing a password is not acceptable Oct 1, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@chase-moskal chase-moskal

Labels
bug
Projects
None yet
Milestone
v0.6.0
Development

No branches or pull requests
1 participant
@chase-moskal