View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0009026 | Taler | libeufin-bank | public | 2024-07-26 14:24 | 2025-04-24 01:04 |
| Reporter | Antoine A | Assigned To | |||
| Priority | normal | Severity | tweak | Reproducibility | have not tried |
| Status | confirmed | Resolution | open | ||
| Target Version | post-1.0 | ||||
| Summary | 0009026: Support memory-hard password hashing method | ||||
| Description | Memory-hard password hashing algorithms (scrypt, argon2, etc..) make it even easier for an attacker to DOS our server. We need to apply a rate limit and a memory budget. It should be possible to configure a global password hashing memory budget and a parallelism limit. The function's memory configuration would then be memory_budget/parallelism and a semaphore could be used to apply the parallelism limit. | ||||
| Tags | security | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-07-26 14:24 | Antoine A | New Issue | |
| 2024-07-26 14:24 | Antoine A | Status | new => assigned |
| 2024-07-26 14:24 | Antoine A | Assigned To | => Antoine A |
| 2024-07-26 14:25 | Antoine A | Relationship added | related to 0009025 |
| 2024-07-26 14:26 | Antoine A | Relationship added | related to 0008264 |
| 2024-07-28 21:52 | Christian Grothoff | Severity | minor => tweak |
| 2025-04-17 23:54 | Christian Grothoff | Tag Attached: security | |
| 2025-04-24 01:04 | Christian Grothoff | Assigned To | Antoine A => |
| 2025-04-24 01:04 | Christian Grothoff | Status | assigned => confirmed |
