[openstreetmap/openstreetmap-website] Switch to Argon2 for password hashing (PR #3353)
Tom Hughes
notifications at github.com
Wed Nov 3 22:25:13 UTC 2021
I did a quick survey of the historic passwords - the results are:
| Scheme | Users | Last Password Change | Last Login |
|-|-|-|-|
| Unsalted MD5 | ~7000 | Before Aug 2007 | Before Aug 2013 |
| Salted MD5 | ~1500000 | Before Aug 2013 | Before Aug 2013 |
| 1000 Round PBKDF2 | ~3000000 | Before Nov 2016 | Before Nov 2016 |
| 10000 Round PBKDF2 | ~10000000 | Since Nov 2016 | Since Nov 2016 |
Based on that I suspect we could reasonable wipe the passwords for the first two groups and certainly for the first group - anybody in those groups hasn't logged in or changed their password in eight years.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/3353#issuecomment-960242115
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20211103/9edf0214/attachment.htm>
More information about the rails-dev
mailing list