fix(auth): use sha-512 for auth tokens

Bcrypt hashes are too slow to be validated on every request.
As our tokens are random and have a fixed length, it is reasonable
to use SHA-512 instead.

SHA-512 is recommended as cryptographically strong by the BSI:
https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.pdf?__blob=publicationFile

Fixes https://github.com/hedgedoc/hedgedoc/issues/1881

Signed-off-by: David Mehren <git@herrmehren.de>
David Mehren 2021-12-09 23:04:00 +01:00
parent f4a7a5ed2d
commit b4a65b47f0
No known key found for this signature in database
GPG key ID: 185982BA4C42B7C3
3 changed files with 37 additions and 23 deletions


@ -48,7 +48,7 @@ describe('Tokens', () => {
expect(response.body.label).toBe(tokenName);
expect(response.body.validUntil).toBe(null);
expect(response.body.lastUsed).toBe(null);
expect(response.body.secret.length).toBe(84);
expect(response.body.secret.length).toBe(98);
});
it(`GET /tokens`, async () => {
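
Review bot: The expected value in `expect(response.body.secret.length).toBe(98);` is a bare magic number, as 84 was before it, and nothing in the test says how 98 is composed. A short comment giving the breakdown, or computing the expectation from the lengths of the token's parts, would keep the next format change from needing another hand-edited constant. The commit message describes switching the stored hash from bcrypt to SHA-512, which on its own does not explain why the secret returned to the client grew from 84 to 98 characters, so a sentence there on what changed in the token format would help. Since the assertion only checks length, it is also worth confirming that another test authenticates a request with the returned secret, so the new hashing path is exercised end to end.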