...to prevent hash functions that do not produce unique values
Description
Closes #530.
Proposed Changes
Since pbkdf2 works with a func() Hash.hash type, returning such type at GetValidHashFunction in api/auth/authmongo.go should simplify the calls to pbkdf2.Key. Our hash functions passed to pbkdf2.Key should not produce unique values anymore (#526), and we can upgrade our Dockerfile to Go 1.16.
Testing
Test locally and check that the panic: crypto/hmac: hash generation function does not produce unique values is not called anymore.
make test
make install
source .env
make run-client
docker logs -f -t <huskyci-api-container-id>
You might want to make more checks. I believe that the stored hashes for users' passwords in a production system should not be valid anymore, since apparently we were not using the pbkdf2 library correctly.
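The panic quoted above comes from `crypto/hmac`, which `pbkdf2.Key` uses internally. The following is an added example, not code from this pull request, that reproduces it with the standard library alone. It assumes the pre-fix helper handed out one shared hash instance (the page does not show that code); `sharedInstance`, `freshInstance` and `tryHMAC` are hypothetical names, and the key and message are constructed sample values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"hash"
)

// sharedInstance models the assumed pre-fix pattern: one hash.Hash is created
// up front and the same instance is handed out on every call.
func sharedInstance() func() hash.Hash {
	h := sha256.New()
	return func() hash.Hash { return h }
}

// freshInstance returns a real constructor, the func() hash.Hash shape that
// hmac.New (and therefore pbkdf2.Key) expects: a new state on every call.
func freshInstance() func() hash.Hash {
	return sha256.New
}

// tryHMAC computes HMAC(key, msg) with gen and converts a panic raised by
// hmac.New into a returned message instead of crashing the process.
func tryHMAC(gen func() hash.Hash, key, msg []byte) (mac []byte, panicMsg string) {
	defer func() {
		if r := recover(); r != nil {
			mac, panicMsg = nil, fmt.Sprint(r)
		}
	}()
	m := hmac.New(gen, key)
	m.Write(msg)
	return m.Sum(nil), ""
}

func main() {
	// Constructed sample inputs, not real credentials.
	key, msg := []byte("constructed-key"), []byte("constructed-message")

	_, p := tryHMAC(sharedInstance(), key, msg)
	fmt.Printf("shared instance: panic=%q\n", p)

	mac, p := tryHMAC(freshInstance(), key, msg)
	fmt.Printf("fresh instance:  mac=%x panic=%q\n", mac, p)
}
```

A check like `tryHMAC` fits in a unit test, so a hash helper that reuses state fails in CI rather than at runtime.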