Tom Hughes
55a05d9e80
Use secure_compare to compare passwords and tokens
...
It's unlikely there is an explotable attack here given than network
latencies and variability will swamp any local timing differences but
it's best practice and there's no reason not to.
2023-11-07 17:22:40 +00:00
Tom Hughes
aad81eb74c
Switch to Argon2 for password hashing
2021-11-03 20:39:31 +00:00
Tom Hughes
9f993fe8c8
Fix new rubocop warnings
2020-07-07 10:44:52 +01:00
Tom Hughes
d6af4450d1
Prefer String#match? over butt ugly Regexp#match?
2019-03-26 19:12:18 +00:00
Andy Allan
1ca77d6dda
Rubocop fixes for ruby 2.5
2019-03-13 10:33:33 +01:00
Tom Hughes
44e778aedd
Increase password stretching to 10000 interations
...
This is in line with current reccomendations from various sources.
2016-11-25 08:54:57 +00:00
Tom Hughes
8fe1899596
Fix rubocop warnings
2016-01-19 09:51:24 +00:00
Tom Hughes
ef7f3d800c
Fix most auto-correctable rubocop issues
2015-02-20 08:56:16 +00:00
Tom Hughes
b9daf06684
Upgrade passwords to the latest hashing scheme on login
2013-08-14 00:24:33 +01:00
Tom Hughes
15d29c646b
Strengthen password hashing algorithm
2013-08-14 00:23:03 +01:00
