platypush/platypush
platypush
/
platypush
2
2
Fork 4
Code Issues 38 Pull Requests Packages Projects 4 Releases Wiki Activity

Migrate user password hashing algorithm #397

New Issue
Closed
opened 2024-05-05 20:19:28 +02:00 by blacklight · 0 comments
blacklight commented 2024-05-05 20:19:28 +02:00
Owner
Copy Link

bcrypt requires a Rust compiler when Platypush is installed via pip.

On earlier RaspberryPis, or other devices with limited resources, this means very long built times.

Since bcrypt is only used to encrypt the user password on the application db, we can easily replace it a hashlib algorithm (such as pbkd2_hmac) that is already available in the Python standard library.

bcrypt will still be used as a fallback if the user record has no stored password salt/hash iterations, so the migration should be seamless.

bcrypt requires a Rust compiler when Platypush is installed via pip. On earlier RaspberryPis, or other devices with limited resources, this means very long built times. Since bcrypt is only used to encrypt the user password on the application db, we can easily replace it a `hashlib` algorithm (such as `pbkd2_hmac`) that is already available in the Python standard library. bcrypt will still be used as a fallback if the user record has no stored password salt/hash iterations, so the migration should be seamless.
blacklight added the
enhancement
 label 2024-05-05 20:19:28 +02:00
blacklight self-assigned this 2024-05-05 20:19:28 +02:00
blacklight added this to the core project 2024-05-05 20:19:28 +02:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
master
stable
286/merge-foursquare-backend
271/runtime-integrations
317-ci-cd-automation-for-stable-branch
311/auto-generate-deps-docs
v1.0.2
v1.0.1
v1.0.0
v0.99.11
v0.99.10
v0.99.9
v0.99.8
v0.99.6
v0.99.5
v0.99.4
v0.99.3
v0.99.2
v0.99.1
v0.99.0
v0.50.3
v0.50.2
v0.50.1
v0.50.0
v0.24.5
v0.24.4
v0.24.3
v0.24.2
v0.24.1
v0.24.0
v0.23.6
v0.23.5
v0.23.4
v0.23.3
v0.23.2
v0.23.1
v0.23.0
v0.22.10
v0.22.9
v0.22.8
v0.22.7
v0.22.6
v0.22.5
v0.22.4
v0.22.3
v0.22.2
v0.22.1
v0.22.0
v0.21.4
v0.21.3
v0.21.2
v0.21.1
v0.21.0
v0.20.10
v0.20.9
v0.20.8
v0.20.7
v0.20.6
v0.20.5
v0.20.4
v0.20.3
v0.20.2
v0.20.1
v0.20.0
v0.13.9
v0.13.8
v0.13.7
v0.13.6
v0.13.5
v0.13.4
v0.13.3
v0.13.2
v0.13.1
v0.13.0
v0.12.10
v0.12.9
v0.12.8
v0.12.7
v0.12.6
v0.12.5
v0.12.4
v0.12.3
v0.12.2
v0.12.1
v0.12.0
v0.11.5
v0.11.4
v0.11.3
v0.11.1
v0.11.0
v0.10.9
v0.10.8
v0.10.7
0.10.6
v0.10.6
v0.10.5
0.10.4
0.10.2
0.10.1
0.10
0.9.6
0.9.3
0.9.2
Labels
Clear labels   
architecture

   
bug

   
ci/cd

   
cleanup

   
documentation

   
duplicate

   
enhancement

   
good first issue

   
help wanted

   
in progress

   
invalid

   
new feature

   
packaging

   
question

   
ui

   
waiting user input

   
wontfix
No Label
architecture
bug
ci/cd
cleanup
documentation
duplicate
enhancement
good first issue
help wanted
in progress
invalid
new feature
packaging
question
ui
waiting user input
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
core
Assignees
Clear assignees
No Assignees
blacklight
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: platypush/platypush#397
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?