search

furified / furified-com

The source code for furified.com
https://furified.com
ISC License
0 stars 0 forks source link

Secure Password Storage #8

Closed soatok closed 6 years ago

soatok commented 6 years ago

Our password storage protocol will be as follows:

  1. Use Argon2id to hash the passwords.
  2. Use XChaCha20-Poly1305 to encrypt the password hashes.

This is already done as of https://github.com/furified/furified-com/commit/222f16cfade842efc2f698367b33bfbf9860a712 although we don't have a solution for the key management problem yet.

soatok commented 6 years ago

Key management was solved in https://github.com/furified/furified-com/commit/303b34921a09cadee1007360827a278d2d0148a2