[openstreetmap/openstreetmap-website] Switch to Argon2 for password hashing (PR #3353)

Tom Hughes notifications at github.com
Wed Nov 3 16:33:40 UTC 2021


Well the risk is that the older the account the more likely somebody no longer has access to the email, although they may well still know the password.

There is some discussion at https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#upgrading-legacy-hashes where the suggestion is that ideally you would expire old insecure passwords and force a reset while also noting that it may cause an increased support load.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/3353#issuecomment-959666826
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20211103/683abf3c/attachment.htm>


More information about the rails-dev mailing list