Journalist passphrases should be hashed with Argon2id instead of Argon2i #6655
Originally filed as https://github.com/freedomofpress/securedrop-security/issues/86
We currently use Argon2i to encrypt journalist passphrases:
However, Argon2id is what's recommended these days; this SO answer goes into depth and summarizes with:
Part of the issue here is that we fell behind on upgrading passlib. The latest version of it uses Argon2id by default (our argon2-cffi version already defaults to id).
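One way to audit stored hashes for the Argon2i to Argon2id upgrade this issue describes, as an added example (not SecureDrop's or passlib's code): it parses the PHC-format strings Argon2 encoders emit and flags any that use a different variant or weaker costs than a target policy. The account names, cost parameters and all-zero salt/digest values are constructed assumptions.

```python
import base64
import re
from dataclasses import dataclass

# PHC layout: $argon2<variant>$v=<ver>$m=<KiB>,t=<passes>,p=<lanes>$<salt>$<digest>
_PHC = re.compile(
    r"^\$(argon2(?:id|i|d))\$(?:v=(\d+)\$)?m=(\d+),t=(\d+),p=(\d+)"
    r"\$([A-Za-z0-9+/]+)\$([A-Za-z0-9+/]+)$"
)

@dataclass(frozen=True)
class Argon2Params:
    variant: str
    version: int
    memory_kib: int
    time_cost: int
    parallelism: int

def parse_argon2(encoded: str) -> Argon2Params:
    m = _PHC.match(encoded)
    if m is None:
        raise ValueError("not an Argon2 PHC string")
    variant, version, mem, passes, lanes, salt, digest = m.groups()
    for field in (salt, digest):  # PHC base64 is unpadded; restore padding to validate
        base64.b64decode(field + "=" * (-len(field) % 4), validate=True)
    # A missing v= field means the original version 0x10 (16); current is 0x13 (19).
    return Argon2Params(variant, int(version or 16), int(mem), int(passes), int(lanes))

def needs_rehash(encoded: str, policy: Argon2Params) -> bool:
    """True when a stored hash is weaker than policy and should be replaced."""
    cur = parse_argon2(encoded)
    return (cur.variant != policy.variant or cur.version < policy.version
            or cur.memory_kib < policy.memory_kib or cur.time_cost < policy.time_cost)

def audit(records: dict, policy: Argon2Params) -> list:
    """Names of accounts whose hash must be upgraded at next successful login."""
    return sorted(u for u, h in records.items() if needs_rehash(h, policy))

# Constructed sample data: all-zero salt and digest placeholders, not real hashes.
_SALT = base64.b64encode(bytes(16)).decode().rstrip("=")
_DIGEST = base64.b64encode(bytes(32)).decode().rstrip("=")
SAMPLES = {
    "journalist_a": f"$argon2i$v=19$m=65536,t=4,p=2${_SALT}${_DIGEST}",
    "journalist_b": f"$argon2id$v=19$m=65536,t=4,p=2${_SALT}${_DIGEST}",
    "journalist_c": f"$argon2id$v=19$m=4096,t=3,p=1${_SALT}${_DIGEST}",
}
POLICY = Argon2Params("argon2id", 19, 65536, 4, 2)  # assumed target parameters

if __name__ == "__main__":
    print(audit(SAMPLES, POLICY))
```

A flagged hash can only be replaced when the plaintext passphrase is available, so the upgrade itself happens at the user's next successful login.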