Improve password storage for security

Hi !

Currently there is only a sha256 sum used to store the password in the database ([for example](https://github.com/xvw/muhokama/blob/main/app/models/user_model.ml#L119)). 
This is considered as a bad practice. [See here](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html)

We should either:
- (at least) Add a salt to the shasum in order to avoid rainbow tables uses if the database leaks.
- (best) Use a proven secured function (like Argon2), which adds layers of security (like preventing timing attacks).


For more informations: 
https://security.stackexchange.com/questions/195563/why-is-sha-256-not-good-for-passwords
https://dusted.codes/sha-256-is-not-a-secure-password-hashing-algorithm

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Improve password storage for security #58

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Improve password storage for security #58

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions