Password blog post #1
@Vlix could you do a quick review of this blog post? Feel free to respond inline.
2020-05-16-password-2.0.md
https://github.com/cdepillabout/password/issues/20 | ||
- Add more password hashing algorithms. |
I'm not really sure we NEED more password hashing algorithms.
The 4 major ones are good enough IMHO (and PBKDF2 is only in there for legacy reasons, I'd never advise someone to use it for a new application), though maybe more algorithms could be added for that same reason, just legacy/interoperability... 🤔
I WOULD like to add to this list the possibility to parse different formats of hashes for the same algorithm, so that `checkPassword` works with hashes produced by other (language's) libraries/programs.
(Maybe give a link to this hashcat page to show examples)
I'm not yet sure if it is a good idea to also have the format be adjustable in the `hashPassword` function... I don't see that having a good use case... but if someone would have a good use case, that'd be something that also COULD be worked on.
Sounds good. I removed the item for adding more password hashing algorithms, and I added a new item for parsing different formats in 35c722e.
I didn't link to the hashcat page, but I did link to cdepillabout/password#11. (If people click through, they will find the link to the hashcat page as well.)
> I'm not yet sure if it is a good idea to also have the format be adjustable in the hashPassword function

I didn't explicitly talk about it, but I imagine it could be helpful to have the format adjustable in the `hashPassword` function. I think in any complicated enterprise environment, you may have multiple applications reading and writing passwords stored in a single database. In that kind of environment, it would be nice to be able to easily produce password hashes in a format expected by all the other applications.
On the whole looks like a nice concise announcement. Don't see any reason to nitpick much else. I guess you could mention the fact that
Good idea, I added this in a footnote in 2b5f5c4.
@Vlix Thanks for the review. I released this blog post: https://functor.tokyo/blog/2020-05-18-password-2.0
I also posted this on twitter and reddit (in case you want to watch for questions/comments):
If you notice anything else that needs to be fixed up in the post, please don't hesitate to post here.
This is a blog post announcing the new password-2.0 library.
Here is a rendered version: https://functor.tokyo/blog/draft/2020-05-16-password-2.0 (although note that the url will change when it has actually been fully published)