- Mar 02, 2024
-
-
S Kopper authored
-
S Kopper authored
-
S Kopper authored
-
S Kopper authored
-
S Kopper authored
-
S Kopper authored
-
S Kopper authored
-
S Kopper authored
-
S Kopper authored
argon2 is only really used to allow migrations from firefish-like instances. using argon2 for everything prevents seamless migrations to upstream misskey in exchange for a debatable[1][2] increase in security. so, let's keep accepting existing argon2 hashes, but rehash them to bcrypt on login. [1]: https://infosec.exchange/@epixoip/110912922574721750, https://github.com/epixoip/hmac-bcrypt/?tab=readme-ov-file#justification [2]: the bcrypt implementation used in misskey doesn't support passwords > 72 bytes, but we cannot do anything about *that* without breaking compatibility, bringing us back to where we started (upstream; if you're reading this, please consider hmac-bcrypt!)
-
S Kopper authored
especially important given we have access to all other services through DI
-
S Kopper authored
-
S Kopper authored
-
S Kopper authored
-
S Kopper authored
-
S Kopper authored
-
S Kopper authored
-
S Kopper authored
-
S Kopper authored
-
S Kopper authored
-
S Kopper authored
does not include things rendered via HTTP calls
-
S Kopper authored
-
S Kopper authored
-
S Kopper authored
-
S Kopper authored
-
S Kopper authored
couldn't reproduce the issue locally so this is completely untested
-
S Kopper authored
-
S Kopper authored
-
S Kopper authored
-
S Kopper authored
-
S Kopper authored
-
S Kopper authored
-
S Kopper authored
finally i can drop meilisearch for good :3c
-
S Kopper authored
-
S Kopper authored
-
S Kopper authored
-
S Kopper authored
Co-authored-by: blueb <ihateblueb@proton.me>
-
S Kopper authored
-
S Kopper authored
-
S Kopper authored
-
S Kopper authored
-