Changes between Initial Version and Version 1 of Ticket #21022, comment 153
- Timestamp: 11/21/2024 02:42:54 PM (3 months ago)
Ticket #21022, comment 153
Line 1, initial version:

Please refer to OWASP's documentation [https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pre-hashing-passwords-with-bcrypt], they don't recommend pre-hashing passwords when using bcrypt.

Line 1, version 1:

Please refer to OWASP's documentation [https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pre-hashing-passwords-with-bcrypt], they don't recommend pre-hashing passwords when using bcrypt, including using base64 to encode the SHA hash result.

Lines 2-3, unmodified in both versions:

Perhaps we can add input length restrictions to prevent users from using passwords that are too long?