You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We use rust-crypto's bcrypt implementation directly to hash passwords manually. As mentioned in #39, rust-crypto is not audited in any way, so we should probably look for alternatives.
NaCl/libsodium/sodiumoxide have utilities to generate password hashes. This requires linking against another C library which the user has to install manually, which is really unfortunate.
Reopening, I've reverted those commits. The dependency situation is even less convenient than I thought (Ubuntu 12.04 doesn't have an appropriate package). See https://github.com/dnaq/sodiumoxide/issues/116
We use
rust-crypto
's bcrypt implementation directly to hash passwords manually. As mentioned in #39, rust-crypto is not audited in any way, so we should probably look for alternatives.The text was updated successfully, but these errors were encountered: