claudioc / jingo

Node.js based Wiki
MIT License
1.02k stars 183 forks

Optimize local authentication #162

Closed y0no closed 3 months ago

y0no commented 8 years ago

This pull request adds salted sha256 instead of sha1. The secret is currently used as salt.

claudioc commented 8 years ago

Hi, thanks for the PR.

I am worried that in case we merge the PR, people updating Jingo and using a local authentication schema won't be able to log in anymore. Have you thought about it?

y0no commented 8 years ago

Yes, I thought about it. But unfortunately there is no real way to migrate "magically" from sha1 to sha256 without asking the user to change their password after login (but that requires a new view).

I have chosen to update the hashString argument of the "jingo" executable to provide an easy way for users to generate a new password.
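
A login-time check that accepts both the old sha1 digests and the new salted sha256 ones, as an added example that is not code from this pull request or from Jingo. The function names, the salt-prepended layout and the sample secret are assumptions; the thread does not show how the secret is combined with the password.

```javascript
const crypto = require("crypto");

// Legacy scheme named in the thread: plain SHA-1, hex encoded.
function legacySha1(password) {
  return crypto.createHash("sha1").update(password).digest("hex");
}

// New scheme named in the thread: SHA-256 with the application secret as salt.
// Assumption: the secret is prepended to the password.
function saltedSha256(password, secret) {
  return crypto.createHash("sha256").update(secret + password).digest("hex");
}

// Constant-time comparison of two hex digests of equal length.
function safeEqual(a, b) {
  const x = Buffer.from(a, "utf8");
  const y = Buffer.from(b, "utf8");
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Checks a password against a stored digest of either scheme.
// Returns { ok, upgradedHash }: upgradedHash is the salted SHA-256 digest
// to store in place of a legacy entry, or null when nothing needs to change.
function verifyAndUpgrade(password, storedHash, secret) {
  const stored = String(storedHash).toLowerCase();
  const fresh = saltedSha256(password, secret);
  if (stored.length === 64) {
    // Entry already uses the new scheme (64 hex chars).
    return { ok: safeEqual(stored, fresh), upgradedHash: null };
  }
  if (stored.length === 40 && safeEqual(stored, legacySha1(password))) {
    // Legacy entry (40 hex chars) matched: the plaintext is known at this
    // point, so the caller can replace the stored digest.
    return { ok: true, upgradedHash: fresh };
  }
  return { ok: false, upgradedHash: null };
}

// Constructed sample data, not taken from any real configuration.
const SAMPLE_SECRET = "constructed-secret";
const sampleAccount = { user: "alice", hash: legacySha1("correct horse") };

const result = verifyAndUpgrade("correct horse", sampleAccount.hash, SAMPLE_SECRET);
if (result.ok && result.upgradedHash) sampleAccount.hash = result.upgradedHash;
console.log(sampleAccount.hash.length); // 64 after the first successful login
```

Where the upgraded digest is persisted depends on how the accounts are stored, which this sketch leaves to the caller.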