Foal v2.11 has been released with better password management
Version 2.11 of Foal is out! Here are the improvements that it brings:
Number of Iterations on Password Hashing Has Been Increased
The PBKDF2 algorithm (used for password hashing) uses a number of iterations to hash passwords. This work factor is deliberate and slows down potential attackers, making attacks against hashed passwords more difficult.
As computing power increases, the number of iterations must also increase. This is why, starting with version 2.11, the number of iterations has been increased to 310,000.
To check that an existing password hash is using the latest recommended number of iterations, you can use the passwordHashNeedsToBeRefreshed function.
The example below shows how to perform this check during a login and how to upgrade the password hash if the number of iterations turns out to be too low.
```typescript
import { hashPassword, HttpResponseUnauthorized, passwordHashNeedsToBeRefreshed, verifyPassword } from '@foal/core';

// Body of the login route handler; User is the application's own entity.
const { email, password } = ctx.request.body;

const user = await User.findOne({ email });

if (!user) {
  return new HttpResponseUnauthorized();
}

if (!await verifyPassword(password, user.password)) {
  return new HttpResponseUnauthorized();
}

// This line must be after the password verification.
if (passwordHashNeedsToBeRefreshed(user.password)) {
  user.password = await hashPassword(password);
  await user.save();
}

// Log the user in.
```
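The following is an added example, not Foal's own code, showing why a refresh check can work at login: the iteration count is stored alongside the salt and derived key, so an old hash still verifies and can then be rehashed at the current count. The storage format, the function names and the sample record are assumptions made for this sketch; only the 310,000 figure comes from the release notes.

```javascript
const { pbkdf2Sync, randomBytes, timingSafeEqual } = require('node:crypto');

// Iteration count the release notes give for v2.11.
const CURRENT_ITERATIONS = 310000;

// Assumed storage format (for this sketch): pbkdf2_sha256$<iterations>$<salt b64>$<key b64>
function hashWithIterations(password, iterations = CURRENT_ITERATIONS) {
  const salt = randomBytes(16);
  const key = pbkdf2Sync(password, salt, iterations, 32, 'sha256');
  return ['pbkdf2_sha256', iterations, salt.toString('base64'), key.toString('base64')].join('$');
}

// Parse strictly: a truncated or malformed record must fail closed, never verify.
function parseStored(stored) {
  const parts = String(stored).split('$');
  if (parts.length !== 4 || parts[0] !== 'pbkdf2_sha256') throw new Error('unrecognized hash format');
  const iterations = /^\d+$/.test(parts[1]) ? Number(parts[1]) : NaN;
  const salt = Buffer.from(parts[2], 'base64');
  const key = Buffer.from(parts[3], 'base64');
  if (!Number.isInteger(iterations) || iterations < 1 || salt.length !== 16 || key.length !== 32) {
    throw new Error('malformed hash fields');
  }
  return { iterations, salt, key };
}

// Verification uses the count stored in the record, so older hashes still verify.
function verifyStored(password, stored) {
  const { iterations, salt, key } = parseStored(stored);
  const candidate = pbkdf2Sync(password, salt, iterations, key.length, 'sha256');
  return timingSafeEqual(candidate, key);
}

function needsRefresh(stored) {
  return parseStored(stored).iterations < CURRENT_ITERATIONS;
}

// Rehash only after the submitted password has verified; `record` stands in for a user row.
function loginAndUpgrade(record, password) {
  if (!verifyStored(password, record.password)) return { ok: false, upgraded: false };
  const upgraded = needsRefresh(record.password);
  if (upgraded) record.password = hashWithIterations(password);
  return { ok: true, upgraded };
}

// Constructed sample: a record hashed with a deliberately low count (1000).
const sample = { password: hashWithIterations('correct horse battery', 1000) };
console.log(loginAndUpgrade(sample, 'wrong guess'));
console.log(loginAndUpgrade(sample, 'correct horse battery'));
console.log(parseStored(sample.password).iterations);
```

The upgrade has to happen at login because that is the only moment the server holds the plaintext password; a stored hash cannot be re-derived at a higher count on its own.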
Original Link: https://dev.to/loicpoullain/foal-v211-has-been-released-with-better-password-management-4mbp