Issue 10529

Title
Add scrypt and argon2 as hash method
Priority
feature
Status
resolved
Nosy list
ced, reviewbot, roundup-bot
Assigned to
ced
Keywords
review

Created on 2021-06-25.09:56:16 by ced, last changed 3 months ago by roundup-bot.

Messages

New changeset d27a1fee3830 by Cédric Krier in branch 'default':
Use argon2 or scrypt to hash password by default
https://hg.tryton.org/tryton-env/rev/d27a1fee3830
New changeset 5fa47ee46ce6 by Cédric Krier in branch 'default':
Use argon2 or scrypt to hash password by default
https://hg.tryton.org/trytond/rev/5fa47ee46ce6
Author: [hidden] (ced) Tryton committer Tryton translator
Date: 2021-06-25.09:56:14

According to https://medium.com/analytics-vidhya/password-hashing-pbkdf2-scrypt-bcrypt-and-argon2-e25aaf41598e, PBKDF2 has not aged well, BCrypt is still good but there are better: SCrypt and Argon2.
SCrypt is available in stdlib since Python 3.6 so it is a good default choice. Argon2 is even better but it requires an extra library so we should use it only if it is available.
So I propose to use by default this preferred order (if available): argon2, scrypt, bcrypt and pbkdf2_sha512.
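
Added example, not code from the Tryton changesets linked on this issue: the standard-library part of the proposed order (scrypt, falling back to pbkdf2_sha512), with each stored hash tagged by its method so hashes made under an older default still verify and are flagged for re-hashing. The `method$salt$digest` format, the cost parameters and all function names are assumptions; argon2 and bcrypt are left out because they need third-party packages.

```python
import base64
import hashlib
import hmac
import os

# Stdlib part of the order proposed above, strongest first.
PREFERENCE = ("scrypt", "pbkdf2_sha512")
# Cost parameters are assumptions for this example, not values from the issue.
SCRYPT = {"n": 2 ** 14, "r": 8, "p": 1}
PBKDF2_ROUNDS = 210_000


def available_methods():
    """Methods from PREFERENCE that this interpreter can compute."""
    usable = {"pbkdf2_sha512"}  # hashlib.pbkdf2_hmac is always present
    if hasattr(hashlib, "scrypt"):  # missing on builds without a recent OpenSSL
        usable.add("scrypt")
    return [m for m in PREFERENCE if m in usable]


def _derive(method, password, salt):
    secret = password.encode("utf-8")
    if method == "scrypt":
        return hashlib.scrypt(secret, salt=salt, dklen=64, **SCRYPT)
    if method == "pbkdf2_sha512":
        return hashlib.pbkdf2_hmac("sha512", secret, salt, PBKDF2_ROUNDS)
    raise ValueError("unsupported hash method: %r" % method)


def hash_password(password, method=None):
    """Return 'method$salt$digest' using the best available method."""
    method = method or available_methods()[0]
    salt = os.urandom(16)
    digest = _derive(method, password, salt)
    return "$".join([method] + [base64.b64encode(x).decode() for x in (salt, digest)])


def check_password(password, stored):
    """Return (valid, needs_rehash) for a stored 'method$salt$digest' string."""
    try:
        method, salt, digest = stored.split("$")
        salt, digest = base64.b64decode(salt), base64.b64decode(digest)
        candidate = _derive(method, password, salt)
    except ValueError:
        return False, False  # malformed or unknown format never validates
    valid = hmac.compare_digest(candidate, digest)  # constant-time comparison
    return valid, valid and method != available_methods()[0]
```

When `needs_rehash` is true the caller still has the plaintext password from the login attempt, so it can store `hash_password(password)` in place of the old value.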

History
Date | User | Action | Args
2021-07-12 23:31:41 | roundup-bot | set | messages: + msg68879
2021-07-12 23:31:32 | roundup-bot | set | messages: + msg68878; nosy: + roundup-bot; status: testing -> resolved
2021-06-25 10:00:43 | reviewbot | set | messages: + msg68426; nosy: + reviewbot
2021-06-25 09:56:54 | ced | set | keyword: + review; reviews: 359761002; status: in-progress -> testing
2021-06-25 09:56:16 | ced | create |
