ecamp3 icon indicating copy to clipboard operation
ecamp3 copied to clipboard
verified publisher icon ecamp

Switch to secure and maintained hashing in UserDataPersister for the activation key

Open BacLuc opened this issue 4 years ago • 2 comments

Ist md5 wirklich noch ein sinnvoller Hash-Algorithmus für so etwas? Wie wärs wenn wir etwas wie https://github.com/symfony/password-hasher brauchen was auch rückwärtskompatibel auf dem aktuellen Stand der Technik gehalten wird?

Originally posted by @carlobeltrame in https://github.com/ecamp/ecamp3/pull/2377#discussion_r781344229

And when we are at it, we can use the same mechanism with the then secure hash to only store hashes for the invitekey of campcollaborations.

BacLuc avatar Jan 10 '22 20:01 BacLuc

Still needed for the activation key, but implemented for inviteKey.

BacLuc avatar Feb 14 '23 09:02 BacLuc

https://github.com/ecamp/ecamp3/blob/35542151d204dba0b408755723a000d78a9dc5d1/api/src/State/UserActivateProcessor.php#L25

BacLuc avatar Apr 27 '24 12:04 BacLuc