User account passwords are hashed with the new-style algorithm described on #212 (first pass of SHA3-512, followed by bcrypt). However, the hash of the server password (for the optional `PASS` command) and the operator passwords (for the `OPERATOR` command) are written into the config file and cannot be autoupgraded, hence they still use the old-style algorithm (a single pass of bcrypt). Consequently they are subject to the implicit 72-character length limit.
We could add a config switch that says that the hashes should be compared via the v2 algorithm, instead of the v1 algorithm. (When omitted, it would default to v1.) Then, `ergo genpasswd` could be made to require a valid configuration file (compare `ergo mkcerts`, which reads the config file to determine where to put the generated certificates) and it could generate certificates according to the algorithm specified in the file. Then `default.yaml` and `traditional.yaml` could be modified to have the v2 algorithm as the recommended default.
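The 72-character limit of v1 and the effect of the proposed switch, as an added example (not Ergo's code). bcrypt is replaced by a standard-library stand-in that keeps its 72-byte input limit, v2 is assumed to feed the raw SHA3-512 digest to it, and the `version` key and record layout are hypothetical.

```python
import hashlib
import hmac
import os

BCRYPT_MAX = 72  # bcrypt reads at most 72 bytes of its input

def slow_hash(secret: bytes, salt: bytes) -> bytes:
    # Stand-in for bcrypt (assumption, stdlib only): PBKDF2 over the first
    # 72 bytes, which reproduces bcrypt's input-length limit.
    return hashlib.pbkdf2_hmac("sha256", secret[:BCRYPT_MAX], salt, 20_000)

def prepare(password: str, version: int) -> bytes:
    data = password.encode("utf-8")
    if version == 1:
        return data  # v1: the password goes straight into bcrypt
    if version == 2:
        return hashlib.sha3_512(data).digest()  # v2: 64-byte digest first
    raise ValueError(f"unknown hash version: {version}")

def generate(password: str, version: int) -> dict:
    # Hypothetical record layout; real bcrypt strings embed their own salt.
    salt = os.urandom(16)
    digest = slow_hash(prepare(password, version), salt)
    return {"version": version, "salt": salt.hex(), "hash": digest.hex()}

def verify(entry: dict, candidate: str) -> bool:
    version = entry.get("version", 1)  # switch omitted: default to v1
    salt = bytes.fromhex(entry["salt"])
    got = slow_hash(prepare(candidate, version), salt)
    return hmac.compare_digest(got, bytes.fromhex(entry["hash"]))

def demo() -> dict:
    real = "x" * 72 + "-real-suffix"   # constructed sample passwords
    other = "x" * 72 + "-different"    # shares only the first 72 bytes
    v1, v2 = generate(real, 1), generate(real, 2)
    unlabeled_v2 = {k: v for k, v in v2.items() if k != "version"}
    return {
        "v1_accepts_real": verify(v1, real),
        "v1_accepts_other": verify(v1, other),   # truncation collision
        "v2_accepts_real": verify(v2, real),
        "v2_accepts_other": verify(v2, other),
        "v2_hash_checked_as_v1": verify(unlabeled_v2, real),
    }

if __name__ == "__main__":
    print(demo())
```

The last result shows why a v2 hash needs the switch set: checked under the v1 default, the correct password is rejected.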