mirror of
https://git.joinsharkey.org/Sharkey/Sharkey.git
synced 2024-11-22 16:13:09 +02:00
b31a59a297
argon2 is only really used to allow migrations from firefish-like instances. using argon2 for everything prevents seamless migrations to upstream misskey in exchange for a debatable[1][2] increase in security. so, let's keep accepting existing argon2 hashes, but rehash them to bcrypt on login. [1]: https://infosec.exchange/@epixoip/110912922574721750, https://github.com/epixoip/hmac-bcrypt/?tab=readme-ov-file#justification [2]: the bcrypt implementation used in misskey doesn't support passwords > 72 bytes, but we cannot do anything about *that* without breaking compatibility, bringing us back to where we started (upstream; if you're reading this, please consider hmac-bcrypt!) |
||
|---|---|---|
| .. | ||
| backend | ||
| frontend | ||
| megalodon | ||
| misskey-bubble-game | ||
| misskey-js | ||
| misskey-reversi | ||
| shared | ||
| sw | ||
| meta.json | ||