mirror of
https://git.joinsharkey.org/Sharkey/Sharkey.git
synced 2024-11-22 21:33:08 +02:00
b31a59a297
argon2 is only really used to allow migrations from firefish-like instances. using argon2 for everything prevents seamless migrations to upstream misskey in exchange for a debatable[1][2] increase in security. so, let's keep accepting existing argon2 hashes, but rehash them to bcrypt on login. [1]: https://infosec.exchange/@epixoip/110912922574721750, https://github.com/epixoip/hmac-bcrypt/?tab=readme-ov-file#justification [2]: the bcrypt implementation used in misskey doesn't support passwords > 72 bytes, but we cannot do anything about *that* without breaking compatibility, bringing us back to where we started (upstream; if you're reading this, please consider hmac-bcrypt!) |
||
|---|---|---|
| .. | ||
| .vscode | ||
| assets | ||
| migration | ||
| src | ||
| test | ||
| test-server | ||
| .eslintignore | ||
| .eslintrc.cjs | ||
| .madgerc | ||
| .swcrc | ||
| check_connect.js | ||
| generate_api_json.js | ||
| jest.config.cjs | ||
| jest.config.e2e.cjs | ||
| jest.config.unit.cjs | ||
| jsconfig.json | ||
| ormconfig.js | ||
| package.json | ||
| README.md | ||
| tsconfig.json | ||
| watch.mjs | ||
Misskey Backend
