Created on 2021-06-25.09:56:16 by ced, last changed 3 months ago by roundup-bot.
New changeset d27a1fee3830 by Cédric Krier in branch 'default': Use argon2 or scrypt to hash password by default https://hg.tryton.org/tryton-env/rev/d27a1fee3830
New changeset 5fa47ee46ce6 by Cédric Krier in branch 'default': Use argon2 or scrypt to hash password by default https://hg.tryton.org/trytond/rev/5fa47ee46ce6
According to https://medium.com/analytics-vidhya/password-hashing-pbkdf2-scrypt-bcrypt-and-argon2-e25aaf41598e, PBKDF2 has not aged well, BCrypt is still good but there are better: SCrypt and Argon2.
SCrypt is available in stdlib since Python 3.6 so it is a good default choice. Argon2 is even better but it requires an extra library so we should use it only if it is available.
So I propose to use by default this preferred order (if available): argon2, scrypt, bcrypt and pbkdf2_sha512.
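The fallback order proposed above, as an added example that is not Tryton's code or part of the original issue: it detects which schemes are available, picks the first one in the preferred order, and (going beyond the proposal) flags valid hashes stored under a less-preferred scheme for rehashing. The `scheme$salt$digest` format, the cost parameters and all function names are assumptions; argon2 and bcrypt are only detected here, not called.

```python
import base64
import hashlib
import hmac
import importlib.util
import os

# Preference order proposed in the issue; the first available scheme wins.
PREFERRED = ("argon2", "scrypt", "bcrypt", "pbkdf2_sha512")
# Sample cost parameters chosen for this example, not taken from the issue.
SCRYPT = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024)
PBKDF2_ROUNDS = 210_000


def available_schemes():
    """Detect which schemes this interpreter can provide."""
    found = {"pbkdf2_sha512"}  # hashlib.pbkdf2_hmac is always present
    if hasattr(hashlib, "scrypt"):  # Python >= 3.6 built with OpenSSL scrypt
        found.add("scrypt")
    for module in ("argon2", "bcrypt"):  # optional third-party packages
        if importlib.util.find_spec(module) is not None:
            found.add(module)
    return found


def pick_scheme(available):
    """Return the most preferred scheme among those available."""
    return next(s for s in PREFERRED if s in available)


def _derive(scheme, password, salt):
    if scheme == "scrypt":
        return hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    if scheme == "pbkdf2_sha512":
        return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, PBKDF2_ROUNDS)
    raise ValueError(f"{scheme} needs its third-party library; not covered here")


def hash_password(password, scheme):
    """Encode as scheme$salt$digest (a format made up for this example)."""
    salt = os.urandom(16)
    digest = _derive(scheme, password, salt)
    return "$".join([scheme, base64.b64encode(salt).decode(), base64.b64encode(digest).decode()])


def verify(password, stored, available):
    """Return (valid, needs_rehash); needs_rehash flags hashes in an older scheme."""
    scheme, salt, digest = stored.split("$")
    expected = base64.b64decode(digest)
    valid = hmac.compare_digest(_derive(scheme, password, base64.b64decode(salt)), expected)
    return valid, valid and scheme != pick_scheme(available)
```

When `verify` returns `(True, True)`, the caller still holds the plaintext from the login and can store a fresh `hash_password(password, pick_scheme(available))` in place of the old hash.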
|2021-07-12 23:31:41||roundup-bot||set||messages: + msg68879|
nosy: + roundup-bot
status: testing -> resolved
nosy: + reviewbot
status: in-progress -> testing