thentos icon indicating copy to clipboard operation
thentos copied to clipboard

Published 20 hours ago verified publisher icon liqd

Consider using cryptonite for scrypt

Open fhartwig opened this issue 9 years ago • 2 comments

We're currently using the scrypt library to hash user passwords and service keys. cryptonite also does scrypt, and since we're using cryptonite anyway, we could get rid of the scrypt dependency.

fhartwig avatar Jun 04 '15 14:06 fhartwig

Related to this: package random is imported solely to generate random UserIds. This should be a task for cryptonite, too.

(Less related: why are we generating random UserIds?! Seems wobbly, but I may just miss the point.)

fisx avatar Sep 17 '15 08:09 fisx

Random (pseudo-random) UserId is actually a good idea. In particular it hides how many users are subscribed and when did a particular user approximately subscribed.

np avatar Jan 28 '16 09:01 np