Open PhilippMDoerner opened 2 years ago
Hi, hasher has already been deprecated because of a typo => https://github.com/planety/prologue/blob/321d6e9a1fae4bc096cb65383834f95c5c6aecac/src/prologue/security/hasher.nim#L15
ref https://github.com/planety/prologue/issues/140
The hash util is subtle. Imo it should either be put in a separate library or it can stay on the Prologue org.
What is the prologue org? As for where to put it, I'm pretty ambivalent in that regard. If you prefer it could be one of the prologue extensions we have?
I would mostly want some level of docs on it, since crypto is one of those things that is immensely annoying to research when you want to implement your password hashing.
> If you prefer it could be one of the prologue extensions we have
Yeah, I agree. It can start from an extension/library.
> What is the prologue org?
Sorry I mean https://github.com/planety. If you need access to https://github.com/planety, feel free to tell me.
Heyho,
I've recently noticed that prologue offers its own hashing proc to allow simple pbkdf2_sha256 hashing, with an API similar to how it's handled in Django. This is in the `prologue/security/hasher` module.

Suggestion 1) I think it would be useful to have a section in the quickstart docs that at least mentions the hashing util procs there.

Secondly, from what I'm seeing, it is using nimcrypto to perform the hashing. From my own experience, using nimcrypto compared to openssl has a significant slowdown. Thus, and given that openssl is the more established library, I would want to make another suggestion.

Suggestion 2) Either replace the current pbkdf2 hashing procs with one that makes use of openssl or alternatively just offer an alternative. I already have an implementation as you might be aware of, since hotdog from the discord provided me with one:
What is your opinion on that one @xflywind ?
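
For readers researching the scheme discussed in this thread, an added example (not code from the thread, from hotdog, or from Prologue): Django-style `pbkdf2_sha256$iterations$salt$hash` encoding and verification in Python, using `hashlib.pbkdf2_hmac`, which CPython backs with OpenSSL. The function names, salt length, default iteration count and iteration cap are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import secrets
import string

ALGORITHM = "pbkdf2_sha256"
SALT_CHARS = string.ascii_letters + string.digits
DEFAULT_ITERATIONS = 600_000   # assumed default for this example; tune to your hardware
MAX_ITERATIONS = 10_000_000    # assumed cap so a tampered stored hash cannot stall the server


def encode_password(password: str, salt: str, iterations: int) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt>$<base64 digest>'."""
    if not salt or "$" in salt:
        raise ValueError("salt must be non-empty and must not contain '$'")
    if not 1 <= iterations <= MAX_ITERATIONS:
        raise ValueError("iteration count out of range")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt.encode("ascii"), iterations
    )
    return "$".join(
        [ALGORITHM, str(iterations), salt, base64.b64encode(digest).decode("ascii")]
    )


def make_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Hash a new password with a fresh random salt from a CSPRNG."""
    salt = "".join(secrets.choice(SALT_CHARS) for _ in range(22))
    return encode_password(password, salt, iterations)


def verify_password(password: str, encoded: str) -> bool:
    """Recompute the hash from the stored parameters and compare in constant time."""
    parts = encoded.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM:
        return False  # unknown scheme or malformed record
    try:
        expected = encode_password(password, parts[2], int(parts[1]))
    except ValueError:
        return False  # non-numeric or out-of-range iterations, bad salt
    # compare_digest avoids leaking how many leading characters matched
    return hmac.compare_digest(expected.encode("ascii"), encoded.encode("ascii"))
```

Storing the iteration count and salt inside the encoded string is what lets the work factor be raised later without invalidating existing hashes.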