Switch to secure and maintained hashing in UserDataPersister for the activation key #2382

BacLuc · 2022-01-10T20:15:52Z

Ist md5 wirklich noch ein sinnvoller Hash-Algorithmus für so etwas? Wie wärs wenn wir etwas wie https://github.com/symfony/password-hasher brauchen was auch rückwärtskompatibel auf dem aktuellen Stand der Technik gehalten wird?

Originally posted by @carlobeltrame in #2377 (comment)

And when we are at it, we can use the same mechanism with the then secure hash to only store hashes for the invitekey of campcollaborations.

BacLuc · 2023-02-14T09:48:03Z

Still needed for the activation key, but implemented for inviteKey.

BacLuc · 2024-04-27T12:14:13Z

ecamp3/api/src/State/UserActivateProcessor.php

Line 25 in 3554215

if ($data->activationKeyHash === md5($data->activationKey)) {

BacLuc mentioned this issue Jan 10, 2022

api: Simplify datapersister tests #2377

Merged

pmattmann mentioned this issue Mar 19, 2022

Team verwalten #1238

Open

18 tasks

BacLuc added this to Development Kanban Aug 27, 2023

BacLuc moved this to Validate if Done in Development Kanban Aug 27, 2023

BacLuc moved this from Validate if Done to Ready for implementation in Development Kanban Apr 27, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Switch to secure and maintained hashing in UserDataPersister for the activation key #2382

Switch to secure and maintained hashing in UserDataPersister for the activation key #2382

BacLuc commented Jan 10, 2022

BacLuc commented Feb 14, 2023

BacLuc commented Apr 27, 2024

Switch to secure and maintained hashing in UserDataPersister for the activation key #2382

Switch to secure and maintained hashing in UserDataPersister for the activation key #2382

Comments

BacLuc commented Jan 10, 2022

BacLuc commented Feb 14, 2023

BacLuc commented Apr 27, 2024