Closed queicherius closed 4 years ago
First of all, thank you very much for looking at my project and taking the time. I will try to give you answer in the same order:
The improvements are listed at #82
I didnt get this, I dont want to give too much space for passwords in db. Whats the point making it limitless ?
Since you are hashing the passwords they are always the same size. Following the article of bcrypt(base64(sha256(password)))
, the only limit is processing time, since this will always hash the password into 60 characters you are saving into the database. Even right now with your hash it will always result in 64 characters.
I didnt get this, I dont want to give too much space for passwords in db. Whats the point making it limitless ?
Since you are hashing the passwords they are always the same size. Following the article of
bcrypt(base64(sha256(password)))
, the only limit is processing time, since this will always hash the password into 60 characters you are saving into the database. Even right now with your hash it will always result in 64 characters.
Oh thats right, thanks for the explanations. How the hell I didnt look from this view :) I will make the length 100-200 or so. Not because of the size in the database but payload size of the request.
Hey there,
I just skimmed through most of the code because I wanted to see if there was any inspiration for a project of mine.
I found the following points which might be interesting to you. Keep in mind that it was a very rough skim, so it's very possible i might have missed things.
set(key: string, value: any)
when Redis can only handlevalue: string
correctlysha256
which is vulnerable to a rainbow table attack. Please read this article on how to implement password storage safely.