View Issue Details

ID: 0009026
Project: Taler
Category: libeufin-bank
View Status: public
Last Update: 2025-04-24 01:04
Reporter: Antoine A
Assigned To:
Priority: normal
Severity: tweak
Reproducibility: have not tried
Status: confirmed
Resolution: open
Target Version: post-1.0
Summary: 0009026: Support memory-hard password hashing method
Description: Memory-hard password hashing algorithms (scrypt, argon2, etc.) make it even easier for an attacker to DoS our server. We need to apply a rate limit and a memory budget.

It should be possible to configure a global password hashing memory budget and a parallelism limit. The function's memory configuration would then be memory_budget/parallelism and a semaphore could be used to apply the parallelism limit.
Tags: security
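
The budget scheme proposed in the description, sketched as an added example (not libeufin-bank code, and in Python rather than the project's own language): per-hash memory is memory_budget/parallelism and a semaphore caps the number of concurrent hashes. The class name `BudgetedScrypt`, the bounded wait that sheds load when all slots are busy, and all parameter values are assumptions; scrypt's footprint is computed the way OpenSSL accounts for it.

```python
import hashlib
import hmac
import threading

class BudgetedScrypt:
    """Hypothetical helper: caps total scrypt memory at `memory_budget` bytes."""

    def __init__(self, memory_budget: int, parallelism: int, r: int = 8, p: int = 1):
        self.r, self.p = r, p
        self.per_hash = memory_budget // parallelism  # memory_budget/parallelism
        if self._cost(2) > self.per_hash:
            raise ValueError("memory budget too small for this parallelism")
        self.n = 2
        while self._cost(self.n * 2) <= self.per_hash:  # N must be a power of two
            self.n *= 2
        self._slots = threading.BoundedSemaphore(parallelism)
        self._lock = threading.Lock()
        self.in_flight = self.peak = 0

    def _cost(self, n: int) -> int:
        # OpenSSL accounts 128*r*(N+2) bytes for V plus 128*r*p bytes for B.
        return 128 * self.r * (n + 2) + 128 * self.r * self.p

    def hash(self, password: bytes, salt: bytes, wait: float = 0.5) -> bytes:
        # Bounded wait: when every slot is busy, shed load instead of queueing
        # without limit (the caller would answer with an HTTP 429/503).
        if not self._slots.acquire(timeout=wait):
            raise TimeoutError("password hashing saturated")
        try:
            with self._lock:
                self.in_flight += 1
                self.peak = max(self.peak, self.in_flight)
            return hashlib.scrypt(password, salt=salt, n=self.n, r=self.r,
                                  p=self.p, maxmem=self.per_hash, dklen=32)
        finally:
            with self._lock:
                self.in_flight -= 1
            self._slots.release()

    def verify(self, password: bytes, salt: bytes, expected: bytes) -> bool:
        return hmac.compare_digest(self.hash(password, salt), expected)

if __name__ == "__main__":
    kdf = BudgetedScrypt(memory_budget=64 * 2**20, parallelism=4)  # constructed values
    digest = kdf.hash(b"correct horse", b"constructed-salt")
    print(kdf.n, kdf.verify(b"correct horse", b"constructed-salt", digest))
```

Because N is derived from the budget, stored hashes need to record the N, r and p they were created with so that a later budget change does not invalidate them.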

Relationships

related to 0009025 closed Antoine A Support enforcing token authentication
related to 0008264 closed Antoine A Use a real password hashing method to store password

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2024-07-26 14:24 Antoine A New Issue
2024-07-26 14:24 Antoine A Status new => assigned
2024-07-26 14:24 Antoine A Assigned To => Antoine A
2024-07-26 14:25 Antoine A Relationship added related to 0009025
2024-07-26 14:26 Antoine A Relationship added related to 0008264
2024-07-28 21:52 Christian Grothoff Severity minor => tweak
2025-04-17 23:54 Christian Grothoff Tag Attached: security
2025-04-24 01:04 Christian Grothoff Assigned To Antoine A =>
2025-04-24 01:04 Christian Grothoff Status assigned => confirmed