Is your feature request related to a problem? Please describe.
Since the user data is sensitive it should be hashed
Describe the solution you'd like
choose a hashing algorithm (preferred argon2id)
create a canonical JSON from the user data (name, birthday, aktenzeichen)
hash the data using at least two iterations (tbd) and a secret salt that should be stored in an environment variable
add unit tests
provide the salt and an example hashing code snippet to koblenz
Describe alternatives you've considered
use the existing hashing algorithm
Additional context
It has discussed if we switch to the same hashing algorithm for everything (but this also may need additional resources which are not needed)
https://argon2.online/
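The steps listed in the request (canonical JSON, Argon2id with two iterations, secret salt from an environment variable), as an added example that is not the project's own code. It matters for the snippet handed to a second party that both sides produce identical bytes before hashing. Assumptions: the third-party `argon2-cffi` package (with stdlib scrypt as a stand-in when it is not installed), the variable name `USER_DATA_HASH_SALT` holding a hex value, and the memory and parallelism parameters.

```python
import hashlib
import json
import os
import unicodedata

try:
    from argon2.low_level import Type, hash_secret_raw  # third-party argon2-cffi
except ImportError:
    hash_secret_raw = None  # the scrypt stand-in below keeps the example runnable

FIELDS = ("aktenzeichen", "birthday", "name")  # the three fields the issue names
SALT_ENV = "USER_DATA_HASH_SALT"  # hypothetical variable name, hex-encoded value

def canonical_json(user: dict) -> bytes:
    """Serialize exactly FIELDS so that equal data always yields equal bytes."""
    if set(user) != set(FIELDS):
        raise ValueError(f"expected exactly the fields {FIELDS}")
    # NFC folds the composed and decomposed spellings of e.g. "ü" into one form.
    norm = {k: unicodedata.normalize("NFC", str(user[k])) for k in FIELDS}
    # Sorted keys, no whitespace, raw UTF-8: one byte sequence per record.
    return json.dumps(norm, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def load_salt() -> bytes:
    """Read the secret salt from the environment; refuse missing or short values."""
    salt = bytes.fromhex(os.environ.get(SALT_ENV, ""))
    if len(salt) < 16:
        raise RuntimeError(f"{SALT_ENV} must hold at least 16 bytes (hex)")
    return salt

def hash_user_data(user: dict) -> str:
    data, salt = canonical_json(user), load_salt()
    if hash_secret_raw is not None:
        # time_cost=2 is the issue's "at least two iterations"; memory and
        # parallelism are assumptions, since the issue leaves them tbd.
        digest = hash_secret_raw(data, salt, time_cost=2, memory_cost=19456,
                                 parallelism=1, hash_len=32, type=Type.ID)
    else:
        # Stand-in only: stdlib scrypt, used when argon2-cffi is not installed.
        digest = hashlib.scrypt(data, salt=salt, n=2**14, r=8, p=1, dklen=32)
    return digest.hex()

if __name__ == "__main__":
    os.environ.setdefault(SALT_ENV, "00" * 16)  # constructed salt, not a secret
    print(hash_user_data({"name": "Erika M\u00fcller", "birthday": "1990-04-01",
                          "aktenzeichen": "AZ-0001"}))  # constructed record
```

The field check and the NFC step are what unit tests should pin down first: a reordered or differently encoded record must hash to the same value, and a missing salt must fail loudly rather than hash with an empty one.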
> It has discussed if we switch to the same hashing algorithm for everything (but this also may need additional resources which are not needed)
There is no real need to use a "slow" hash algorithm for the card info hash (as we add random bytes to it - the pepper). Also we'd have to do it backward compatibly somehow.
Yes, I was also thinking about those issues. "It has been discussed" was what I wanted to write...
And yes, password hashing would be difficult, and we would have to support two ways of hashing; maybe old passwords would never be changed if we don't force it.