View Issue Details

ID: 0009026
Project: Taler
Category: libeufin-bank
View Status: public
Last Update: 2024-07-28 21:52
Reporter: Antoine A
Assigned To: Antoine A
Priority: normal
Severity: tweak
Reproducibility: have not tried
Status: assigned
Resolution: open
Target Version: post-1.0
Summary: 0009026: Support memory-hard password hashing method
Description: Memory-hard password hashing algorithms (scrypt, argon2, etc.) make it even easier for an attacker to DoS our server. We need to apply a rate limit and a memory budget.

It should be possible to configure a global password hashing memory budget and a parallelism limit. The function's memory configuration would then be memory_budget/parallelism and a semaphore could be used to apply the parallelism limit.
Tags: No tags attached.
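
An added sketch of the budget-plus-semaphore design described in the issue (not code from libeufin-bank or from the reporter): each hash gets memory_budget/parallelism bytes and a semaphore caps how many run at once. Python's `hashlib.scrypt` stands in for whichever memory-hard function is chosen; the class names, the `wait_seconds` timeout and the reject-when-full behaviour are assumptions.

```python
import hashlib
import hmac
import os
import threading

class HasherBusy(Exception):
    """All hashing slots are taken; the caller should answer 429/503."""

class BudgetedScrypt:
    """Hypothetical example class: scrypt under one global memory budget."""

    def __init__(self, memory_budget: int, parallelism: int, r: int = 8,
                 wait_seconds: float = 0.5):
        self.per_hash = memory_budget // parallelism  # memory_budget/parallelism
        self.r = r
        # OpenSSL's scrypt needs 128*r*(N + 2 + p) bytes; with p=1 pick the
        # largest power-of-two N that fits in one slot's share of the budget.
        self.n = 2
        while 128 * r * (self.n * 2 + 3) <= self.per_hash:
            self.n *= 2
        if 128 * r * (self.n + 3) > self.per_hash:
            raise ValueError("per-hash budget too small for scrypt")
        self.wait_seconds = wait_seconds
        self._slots = threading.BoundedSemaphore(parallelism)
        self._lock = threading.Lock()
        self._active = 0
        self.peak = 0  # highest number of simultaneous hashes observed

    def _scrypt(self, password: bytes, salt: bytes) -> bytes:
        # Shed load instead of queueing without bound when every slot is busy.
        if not self._slots.acquire(timeout=self.wait_seconds):
            raise HasherBusy()
        try:
            with self._lock:
                self._active += 1
                self.peak = max(self.peak, self._active)
            # maxmem makes OpenSSL itself refuse to exceed this slot's share.
            return hashlib.scrypt(password, salt=salt, n=self.n, r=self.r, p=1,
                                  maxmem=self.per_hash, dklen=32)
        finally:
            with self._lock:
                self._active -= 1
            self._slots.release()

    def hash(self, password: str) -> tuple[bytes, bytes]:
        salt = os.urandom(16)
        return salt, self._scrypt(password.encode(), salt)

    def verify(self, password: str, salt: bytes, expected: bytes) -> bool:
        return hmac.compare_digest(self._scrypt(password.encode(), salt), expected)
```

Because N must be a power of two, a slot may use noticeably less than its share; the budget is an upper bound, not a target.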

Relationships

related to 0009025 assigned Antoine A Support enforcing token authentication
related to 0008264 closed Antoine A Use a real password hashing method to store password

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2024-07-26 14:24 Antoine A New Issue
2024-07-26 14:24 Antoine A Status new => assigned
2024-07-26 14:24 Antoine A Assigned To => Antoine A
2024-07-26 14:25 Antoine A Relationship added related to 0009025
2024-07-26 14:26 Antoine A Relationship added related to 0008264
2024-07-28 21:52 Christian Grothoff Severity minor => tweak