github/ha-core
1
Fork 0
mirror of https://github.com/home-assistant/core synced 2024-10-07 10:13:38 +02:00
Code Releases Activity
6f0c30ff84
ha-core/homeassistant/auth
History
Matt Hamilton bacecb4249 Replace pbkdf2 with bcrypt (#16071) 
* Replace pbkdf2 with bcrypt

bcrypt isn't inherently better than pbkdf2, but everything "just works"
out of the box.

  * the hash verification routine now only computes one hash per call
  * a per-user salt is built into the hash as opposed to the current
  global salt
  * bcrypt.checkpw() is immune to timing attacks regardless of input
  * hash strength is a function of real time benchmarks and a
  "difficulty" level, meaning we won't have to ever update the iteration
  count

* WIP: add hash upgrade mechanism

* WIP: clarify decode issue

* remove stale testing code

* Fix test

* Ensure incorrect legacy passwords fail

* Add better invalid legacy password test

* Lint

* Run tests in async scope
2018-08-26 22:50:31 +02:00
..
mfa_modules Add Time-based Onetime Password Multi-factor Authentication Module (#16129) 2018-08-26 22:38:52 +02:00
providers Replace pbkdf2 with bcrypt (#16071) 2018-08-26 22:50:31 +02:00
__init__.py Add Time-based Onetime Password Multi-factor Authentication Module (#16129) 2018-08-26 22:38:52 +02:00
auth_store.py Add support for revoking refresh tokens (#16095) 2018-08-21 11:02:55 -07:00
const.py
models.py Add type hints to homeassistant.auth (#15853) 2018-08-16 22:25:41 +02:00
util.py