Stop storing passwords in plaintext #682
Replies: 4 comments
-
Let's go about it in a backwards compatible way:
One worry is bcrypt's computation time causing event-loop stalls. |
Beta Was this translation helpful? Give feedback.
-
I think bcrypt is only available on 3.6+, with pbkdf being available on 3.5+ |
Beta Was this translation helpful? Give feedback.
-
We could use a bcrypt library, if you are against that I'm open to other ways of hashing. |
Beta Was this translation helpful? Give feedback.
-
sounds good. Although, for our purposes, the included pbkdf2 should be more than plenty anyway. |
Beta Was this translation helpful? Give feedback.
-
Passwords should be properly hashed/salted instead. If we do this we will want a handy utility to allow you to generate these hashes, and perhaps even insert them into your config, if a proper toml editing library exists now.
Beta Was this translation helpful? Give feedback.
All reactions