devise-encryptable icon indicating copy to clipboard operation
devise-encryptable copied to clipboard

Published 20 hours ago verified publisher icon heartcombo

Add rolling option

Open sobrinho opened this issue 5 years ago • 7 comments

Legacy applications want to migrate from SHA1 to SHA512, for example.

Inspired in what Authlogic has with transition_from_crypto_providers.

sobrinho avatar Apr 30 '20 23:04 sobrinho

It probably makes sense to have a BCrypt cryptor now to be able to migrate from sha1 or any encryptor from this gem to the "new encryptor" that Devises uses these days.

If we agree in this PR, I can do another one to be able to support that rolling or even include in this one.

sobrinho avatar Apr 30 '20 23:04 sobrinho

Merging #20 we can rebase this to merge cleanly.

sobrinho avatar Apr 30 '20 23:04 sobrinho

@sobrinho This is awesome. Any chance of this making it into a release? Would love to be able to roll from bcrypt to argon2id

ref: https://www.monterail.com/blog/more-secure-passwords-bcrypt

pboling avatar Jan 24 '22 18:01 pboling

PR updated.

sobrinho avatar Jan 24 '22 19:01 sobrinho

@carlosantoniodasilva thoughts?

pboling avatar Jan 25 '22 17:01 pboling

@sobrinho This is great. Is there any interest in merging this one ? We would love to have this option to move from bcrypt.

vaot avatar Jan 19 '23 00:01 vaot

PR rebased!

The build is broken for another reason on 3.0 rails main and 2.7 rails main.

@carlosantoniodasilva feel free to merge this one!

sobrinho avatar Jan 20 '23 14:01 sobrinho