add guide for switching between password hashing methods #590
Comments
Great idea. It's actually pretty straightforward. You just need a module that accepts deprecated hashing methods in the verify function:

```elixir
defmodule MyApp.Password do
  def hash(secret), do: Argon2.hash_pwd_salt(secret)
  def verify(secret, "$pbkdf2-" <> _ = hash), do: Pow.Ecto.Schema.Password.pbkdf2_verify(secret, hash)
  # argon2_elixir emits PHC-format strings such as "$argon2id$v=19$...", so there is no dash after "argon2"
  def verify(secret, "$argon2" <> _ = hash), do: Argon2.verify_pass(secret, hash)
end
```

There are other details that should be included in the guide, like automatically hashing with the new algo when the user signs in if the current hash in the db is with the old algo. The above also only works if the algo has been encoded in the hash. If not, then you would probably add a new column to the user that specifies what algo or password version is used.
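The two pieces the comment above describes (a verify function that still accepts legacy hashes, and a transparent re-hash on the next successful sign-in) put together as an added example; this is not Pow's code or the commenter's. It assumes the `argon2_elixir` dependency, a `MyApp.Repo` Ecto repo, a user struct with a `password_hash` string column, and a `MyApp.Accounts.authenticate/2` integration point; all of those names are assumptions, and where `authenticate/2` is actually called depends on the application. The `password_hash_methods` option is Pow's documented way to plug in custom hash/verify functions.

```elixir
# Added example, not part of the Pow project: migrate stored hashes from
# Pow's built-in pbkdf2 to Argon2 without forcing a password reset.
defmodule MyApp.Password do
  # New hashes always use the current algorithm.
  def hash(secret) when is_binary(secret), do: Argon2.hash_pwd_salt(secret)

  # Pow's built-in pbkdf2 hashes start with "$pbkdf2-" (e.g. "$pbkdf2-sha512$...").
  def verify(secret, "$pbkdf2-" <> _ = hash),
    do: Pow.Ecto.Schema.Password.pbkdf2_verify(secret, hash)

  # argon2_elixir emits PHC-format strings such as "$argon2id$v=19$...".
  def verify(secret, "$argon2" <> _ = hash), do: Argon2.verify_pass(secret, hash)

  # Any other format never verifies; run Argon2's dummy check so the
  # response time does not differ from a real verification.
  def verify(_secret, _hash), do: Argon2.no_user_verify()

  # A stored hash needs upgrading when it was produced by a deprecated scheme.
  def needs_rehash?("$argon2" <> _), do: false
  def needs_rehash?(_hash), do: true
end

defmodule MyApp.Accounts do
  # Assumed module and repo names.
  alias MyApp.{Password, Repo}

  # Assumed integration point: called with the loaded user and the submitted
  # password. On success, a legacy hash is replaced with an Argon2 hash, since
  # the plaintext is only available at sign-in time.
  def authenticate(%{password_hash: stored} = user, password) do
    if Password.verify(password, stored) do
      {:ok, maybe_rehash(user, password)}
    else
      {:error, :invalid_credentials}
    end
  end

  defp maybe_rehash(%{password_hash: stored} = user, password) do
    if Password.needs_rehash?(stored) do
      user
      |> Ecto.Changeset.change(password_hash: Password.hash(password))
      |> Repo.update!()
    else
      user
    end
  end
end

# config/config.exs (assumed location): point Pow at the module above so
# that new passwords are hashed with Argon2 while old pbkdf2 hashes still verify.
config :my_app, :pow,
  user: MyApp.Users.User,
  repo: MyApp.Repo,
  password_hash_methods: {&MyApp.Password.hash/1, &MyApp.Password.verify/2}
```

Once every row has been re-hashed (a query for `password_hash` values not starting with `$argon2` returns nothing), the `"$pbkdf2-"` clause and the `needs_rehash?/1` fallback can be deleted. If the old scheme did not self-describe its format in the hash string, the same dispatch works on a separate `password_version` column instead of a prefix match, as the comment suggests.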
Pow has a guide for configuring the password hashing algorithm. There may come a time where people need to switch between password hashing methods (say, bcrypt/pbkdf2 to argon, or Pow's pbkdf2 implementation to pbkdf2_elixir). A guide or snippet on implementing this switch might be helpful.