[auth] [server] investigate cryptographic hash functions for basic auth flow #4021

Closed
Tracked by #3433
axiomofjoy opened this issue Jul 26, 2024 · 1 comment
Labels
c/dx Developer experience

Comments

@axiomofjoy
Contributor

axiomofjoy commented Jul 26, 2024

Password hashes will be computed using a cryptographic hash function. The ideal hash function is slow and adjustable in terms of its computation time and memory usage. The argon2 family of algorithms is the recommendation of the Password Hashing Competition Panel. However, it is not part of the Python standard library and may require additional system dependencies. It also may be so slow that it hurts the user experience while logging in.

We should aim for the hash to be computable within one second on the weakest hardware on which Phoenix might run (e.g., the cheapest EC2 instance). Ultimately, any of bcrypt, scrypt, and argon2 will be acceptable for our purposes, and all are currently supported in Django.
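As an added illustration of the one-second budget discussed in the comment above (not part of the original issue and not Phoenix's or Django's code), this sketch calibrates the scrypt cost on the current machine using only the Python standard library. The `R`, `P`, `DKLEN` values, the function names and the `scrypt$n$r$p$salt$hash` storage format are assumptions made for the example.

```python
import base64, hashlib, hmac, os, time

R, P, DKLEN = 8, 1, 32  # assumed scrypt block size, parallelism, output length

def _scrypt(password: str, salt: bytes, n: int, r: int = R, p: int = P) -> bytes:
    # scrypt needs about 128*n*r bytes; raise OpenSSL's 32 MiB default limit to fit.
    return hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p,
                          maxmem=256 * n * r, dklen=DKLEN)

def calibrate(budget_seconds: float = 1.0, min_log2_n: int = 10,
              max_log2_n: int = 17) -> int:
    """Return the largest power-of-two n whose measured hash time fits the budget."""
    best = 2 ** min_log2_n  # floor: never go below the minimum cost
    for log2_n in range(min_log2_n, max_log2_n + 1):
        n = 2 ** log2_n
        start = time.perf_counter()
        _scrypt("calibration", b"\x00" * 16, n)
        if time.perf_counter() - start > budget_seconds:
            break
        best = n
    return best

def hash_password(password: str, n: int) -> str:
    """Hash with a fresh random salt; store the parameters next to the digest."""
    salt = os.urandom(16)
    digest = _scrypt(password, salt, n)
    b64 = lambda b: base64.b64encode(b).decode()
    return f"scrypt${n}${R}${P}${b64(salt)}${b64(digest)}"

def verify_password(password: str, encoded: str) -> bool:
    """Recompute with the stored parameters and compare in constant time."""
    try:
        scheme, n, r, p, salt, digest = encoded.split("$")
        if scheme != "scrypt":
            return False
        expected = base64.b64decode(digest)
        actual = _scrypt(password, base64.b64decode(salt), int(n), int(r), int(p))
    except (ValueError, OverflowError):
        return False  # malformed record or unusable parameters
    return hmac.compare_digest(actual, expected)

if __name__ == "__main__":
    n = calibrate(budget_seconds=1.0)  # run on the weakest target hardware
    print("chosen n:", n, "->", hash_password("example password", n))
```

Because the parameters are stored with each hash, the cost can be raised later without invalidating existing records.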

@dosubot dosubot bot added the c/dx Developer experience label Jul 26, 2024
@axiomofjoy axiomofjoy changed the title [auth] investigate cryptographic hash functions for basic auth flow [auth] [server] investigate cryptographic hash functions for basic auth flow Jul 27, 2024
@axiomofjoy
Contributor Author

Duplicate of #4193

@axiomofjoy axiomofjoy marked this as a duplicate of #4193 Aug 9, 2024