Replace SHA512 with SHA3-512

zeruniverse / Password-Manager

An online keepass-like tool to manage password. client-side AES encryption!

Other

170 stars 44 forks source link

Replace SHA512 with SHA3-512 #252

Closed zeruniverse closed 4 years ago

zeruniverse commented 4 years ago

To enhance the security level, I'm going to replace all SHA512 (SHA2) with SHA3-512, both server and client side. This will drop support for PHP version less than 7.1.0 (see: https://www.php.net/manual/en/function.hash-algos.php)

SHA safety reference: https://en.wikipedia.org/wiki/Secure_Hash_Algorithms

zeruniverse commented 4 years ago

0001

zeruniverse commented 4 years ago

CryptoJS is very slow. So switch to web CryptoAPI with SHA512 on client side

zeruniverse commented 4 years ago

0001