Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create user data hash #1433

Closed
f1sh1918 opened this issue Apr 29, 2024 · 2 comments · Fixed by #1499
Closed

Create user data hash #1433

f1sh1918 opened this issue Apr 29, 2024 · 2 comments · Fixed by #1499
Assignees
@ztefanie
Labels
koblenz prio: high Issue must be solved within the next weeks. Task
Milestone
Koblenz Pass

Comments

@f1sh1918
Copy link
Contributor

Is your feature request related to a problem? Please describe.
Since the user data is sensitive it should be hashed

Describe the solution you'd like

  • choose a hashing algorithm (prefered argon2id)
  • create a canonical json from the user data (name, birthday, aktenzeichen)
  • hash the data using at least two iterations (tbd) and a secret salt that should be stored in a environment variable
  • add unit tests
  • provide the salt and an example hashing code snippet to koblenz

Describe alternatives you've considered
use the existing hashing algorithm

Additional context
It has discussed if we switch to the same hashing algorithm for everything (but this also may need additional resources which are not needed)
https://argon2.online/
@f1sh1918 f1sh1918 added this to the Koblenz Pass milestone Apr 29, 2024
@f1sh1918 f1sh1918 added the prio: high Issue must be solved within the next weeks. label Apr 29, 2024
@michael-markl
Copy link
Member

It has discussed if we switch to the same hashing algorithm for everything (but this also may need additional resources which are not needed)

There is no real need to use a "slow" hash algorithm for the card info hash (as we add random bytes to it - the pepper). Also we'd have to do it backward compatibly somehow.

@f1sh1918
Copy link
Contributor Author

It has discussed if we switch to the same hashing algorithm for everything (but this also may need additional resources which are not needed)

There is no real need to use a "slow" hash algorithm for the card info hash (as we add random bytes to it - the pepper). Also we'd have to do it backward compatibly somehow.

Yes I was also thinking about that issues. "It has be discussed" Was what I wanted to write...
And yes password hashing would be difficult and we would have to support two ways of hashing maybe old passwords would never be changed if we don't force it

@ztefanie ztefanie self-assigned this Jun 11, 2024
@ztefanie ztefanie mentioned this issue Jun 19, 2024
Merged
@seluianova seluianova mentioned this issue Jul 3, 2024
Merged
@seluianova seluianova mentioned this issue Jul 29, 2024
Open
@f1sh1918 f1sh1918 mentioned this issue Aug 1, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ztefanie ztefanie

Labels
koblenz prio: high Issue must be solved within the next weeks. Task
Projects
entitlementcard
Status: Done
Milestone
Koblenz Pass
Development

Successfully merging a pull request may close this issue.

1433: Create user hashing for Koblenz digitalfabrik/entitlementcard
3 participants
@michael-markl @ztefanie @f1sh1918