Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Turn default hash password algorightm back to pbkdf2 from argon2 until we found a better one #14673

Merged
merged 2 commits into from
Feb 13, 2021
Merged

Turn default hash password algorightm back to pbkdf2 from argon2 until we found a better one #14673

merged 2 commits into from
Feb 13, 2021

Conversation

lunny
Copy link
Member

@lunny lunny commented Feb 13, 2021
edited
Loading

Fix #14294. And I think backport this to v1.13 is also meaningful.

@lunny lunny added the pr/breaking Merging this PR means builds will break. Needs a description what exactly breaks, and how to fix it! label Feb 13, 2021
@lunny lunny added this to the 1.14.0 milestone Feb 13, 2021
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Feb 13, 2021
@6543
Copy link
Member

6543 commented Feb 13, 2021

created #14674 to not loose track of it

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Feb 13, 2021
@6543 6543 merged commit 5e4fa7c into go-gitea:master Feb 13, 2021
@lunny lunny deleted the lunny/default_hash_pbkdf2 branch February 13, 2021 17:04
lunny added a commit to lunny/gitea that referenced this pull request Feb 13, 2021
@lunny
Turn default hash password algorightm back to pbkdf2 from argon2 unti…
b337ef5 
…l we found a better one (go-gitea#14673)

* Turn default hash password algorightm back to pbkdf2 from argon2 until we found a better one

* Add a warning on document
This was referenced Feb 13, 2021
Merged
Closed
6543 pushed a commit that referenced this pull request Feb 13, 2021
@lunny @zeripath
Turn default hash password algorightm back to pbkdf2 from argon2 unti…
c032006 
…l we found a better one (#14673) (#14675)

* Turn default hash password algorightm back to pbkdf2 from argon2 until we found a better one

* Add a warning on document

Co-authored-by: zeripath <art27@cantab.net>
@zeripath zeripath added the backport/done All backports for this PR have been created label Mar 1, 2021
@6543 6543 added the topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! label Mar 21, 2021
@go-gitea go-gitea locked and limited conversation to collaborators May 13, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@zeripath zeripath zeripath approved these changes

@6543 6543 6543 approved these changes

Assignees
No one assigned
Labels
backport/done All backports for this PR have been created lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. pr/breaking Merging this PR means builds will break. Needs a description what exactly breaks, and how to fix it! topic/security Something leaks user information or is otherwise vulnerable. Should be fixed!
Projects
None yet
Milestone
1.14.0
Development

Successfully merging this pull request may close these issues.

argon2 password hash consumes too much memory
4 participants
@lunny @6543 @zeripath @GiteaBot