id,node_id,number,title,user,state,locked,assignee,milestone,comments,created_at,updated_at,closed_at,author_association,active_lock_reason,draft,pull_request,body,reactions,performed_via_github_app,state_reason,repo,type
205301887,MDU6SXNzdWUyMDUzMDE4ODc=,15,Password storage should use PBKDF2,570040,closed,0,570040,,0,2017-02-03T23:56:22Z,2017-10-24T22:59:59Z,2017-10-24T22:59:59Z,CONTRIBUTOR,,,,"Right now it's using salted SHA256, which works for now but isn't suitable for real password storage, taking into considerations things like password reuse across services and the fact that inexperienced server admins will likely be operating poorly configured ACEmulator servers.

To minimize the damage of leaking any password hashes from the DB, the supported standard for password storage on .NET is PBKDF2.

I am already working on converting password storage to use PBKDF2 on my branch.

https://dusted.codes/sha-256-is-not-a-secure-password-hashing-algorithm","{""url"": ""https://api.github.com/repos/ACEmulator/ACE/issues/15/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed,79078680,issue