issues: 414395024
id | node_id | number | title | user | state | locked | assignee | milestone | comments | created_at | updated_at | closed_at | author_association | active_lock_reason | draft | pull_request | body | reactions | performed_via_github_app | state_reason | repo | type |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
414395024 | MDExOlB1bGxSZXF1ZXN0MjU2MTE1MjM2 | 1468 | Update account authentication to use BCrypt. | 47994013 | closed | 0 | | | 5 | 2019-02-26T02:06:07Z | 2019-03-08T19:41:24Z | 2019-03-08T19:41:24Z | CONTRIBUTOR | | 0 | ACEmulator/ACE/pulls/1468 | This updates/simplifies account authentication to use the BCrypt hashing algorithm in place of SHA512 and the need for a separate password salt. Not only is BCrypt more secure than SHA512, since it uses a "Work Factor" to discourage password brute force attacks, but the implementation is much cleaner overall since the salt is randomly generated and added as part of the password hash itself, effectively protecting against rainbow table attacks. The default Work Factor is set to 10, which is considered the current industry standard. A server owner can easily increase this value to whatever level of security they desire, which in turn will make password verification slower and much harder to crack if ever brute forced by a hacker. Furthermore, BCrypt is used in PHP's passwordHash() function, so this change will open up many more account management possibilities through PHP registration scripts, especially CMSs and database bridging. | {"url": "https://api.github.com/repos/ACEmulator/ACE/issues/1468/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | | | 79078680 | pull |