Skip to content
This repository has been archived by the owner on Nov 22, 2022. It is now read-only.

security: a single hmac-sha256 is not an acceptable PBKDF #70

Open
sneak opened this issue Oct 10, 2020 · 0 comments
Open

security: a single hmac-sha256 is not an acceptable PBKDF #70

sneak opened this issue Oct 10, 2020 · 0 comments

Comments

@sneak
Copy link

sneak commented Oct 10, 2020
edited
Loading

https://github.com/open-orchard/koinos-miner/blob/master/app.js#L94-L97

When deriving encryption keys from passwords, appropriate PBKDFs like Argon2 should be used.

https://www.npmjs.com/package/argon2

Also, don't forget the salt.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sneak