cham / TeslaAPI

Tesla forum database and RESTful API

Do not use md5 hashes for your passwords #7

Closed cham closed 11 years ago

cham commented 11 years ago

This is 2013. Use SHA-2, PBKDF2, etc... Use an individual salt for each password!

cham commented 11 years ago

Yeah fine, up to you :)

On 1 October 2013 18:56, Thomas Lekanger notifications@github.com wrote:

Would SHA-2 or bcrypt be enough? I have some issues with the PBKDF2 library that annoys me a lot.


D Neame

EM: danneame@gmail.com WEB: http://dan.nea.me

datagutt commented 11 years ago

Well, I got it almost working, but it seems to get into an infinite loop and spew out "Too many requests" instead of returning JSON. If I refresh the page, it logs in the user just fine.

datagutt commented 11 years ago

I'll send you the pull request so you can take a look.

cham commented 11 years ago

I removed tooslow yesterday, so if you rebase that problem might go away. Then again, it probably shouldn't have triggered it either.

datagutt commented 11 years ago

I fixed it. Had to remove hashing from the read:users part; the verifying is done in route instead.

cham commented 11 years ago

Think that might impact on API to API requests. I'll check the PR anyway, thanks!

cham commented 11 years ago

Nice, this is working well and was an elegant solution. I think feisar may modify it further, but I'm going to close this issue as it has been addressed.
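
As an added example (not code from TeslaAPI or from anyone in this thread), here is a sketch of the per-password salted PBKDF2 storage the issue asks for, using Node's built-in `crypto` module. The iteration count, the record format and the in-memory `users` map are assumptions. Because every record carries its own salt, login fetches the user by name and then verifies, instead of hashing the password into the lookup query.

```javascript
// Added example: salted PBKDF2 password storage with Node's built-in crypto module.
const crypto = require('node:crypto');

const DIGEST = 'sha256';
const ITERATIONS = 600000; // assumed work factor; tune for your hardware
const KEY_LEN = 32;        // derived key length in bytes

// Returns "pbkdf2-sha256$<iterations>$<salt b64>$<hash b64>" using a fresh random salt.
function hashPassword(password, iterations = ITERATIONS) {
  const salt = crypto.randomBytes(16);
  const key = crypto.pbkdf2Sync(password, salt, iterations, KEY_LEN, DIGEST);
  return ['pbkdf2-' + DIGEST, iterations, salt.toString('base64'), key.toString('base64')].join('$');
}

// Recomputes the hash with the salt and iteration count stored in the record.
// Anything that is not a well-formed record (e.g. a legacy unsalted hash) is rejected.
function verifyPassword(password, stored) {
  const parts = String(stored).split('$');
  if (parts.length !== 4 || parts[0] !== 'pbkdf2-' + DIGEST) return false;
  const iterations = Number(parts[1]);
  if (!Number.isInteger(iterations) || iterations < 1) return false;
  const salt = Buffer.from(parts[2], 'base64');
  const expected = Buffer.from(parts[3], 'base64');
  if (expected.length !== KEY_LEN) return false;
  const actual = crypto.pbkdf2Sync(password, salt, iterations, KEY_LEN, DIGEST);
  return crypto.timingSafeEqual(actual, expected); // constant-time comparison
}

// Constructed in-memory user store standing in for the database (hypothetical).
const users = new Map();
function register(username, password, iterations) {
  users.set(username, { username, password: hashPassword(password, iterations) });
}

// Look the user up by name only, then verify: a salted hash cannot be a query key.
function login(username, password) {
  const user = users.get(username);
  if (!user) return false;
  return verifyPassword(password, user.password);
}
```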