Details

    • Type: Task
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2018-11-01
    • Component/s: Accounts
    • Labels:
      None
    • Size Estimate:
      House

      Description

      User passwords are stored encrypted via bcrypt (Blowfish). The cost parameter is still 10, as it was when introduced in 2013. Since computing power is ever increasing, we should use a higher cost parameter of at least 12 (four times the work); see an answer on Security.SE for more background.

      This will only affect new passwords (new account or changed password).

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                yvanzo yvanzo
                Reporter:
                chirlu Ulrich Klauer
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: