themaster1970sf/TShock
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

Remove DIY password hashing crypto

Browse source 
The old system for hashing passwords and permitting users to select
their algorithm has been deprecated and phased out since 2015. This
removes the remaining functions for hashing passwords to clear the way
for .NET5/6 and for OTAPI 3.

In 211b70ca37, I allowed blank passwords
to upgrade to bcrypt hashes. However, the minimum password length has
been 4 historically for a long time. So I don't actually assume a lot of
users have blank passwords, so I think there are very few, if any of the
old hashes laying around.

So therefore, I think this is pretty much safe to merge.
This commit is contained in:
Lucas Nicodemus 2021-11-22 10:26:57 -08:00
parent 614211d7a1
commit 9416e8f1e2
3 changed files with 3 additions and 75 deletions
Download patch file Download diff file Expand all files Collapse all files

5
TShockAPI/Configuration/TShockConfig.cs
View file

@ -368,11 +368,6 @@ namespace TShockAPI.Configuration
[Description("The minimum password length for new user accounts. Can never be lower than 4.")]
public int MinimumPasswordLength = 4;
/// <summary>The hash algorithm used to encrypt user passwords.
/// Valid types: "sha512", "sha256" and "md5". Append with "-xp" for the xp supported algorithms.</summary>
[Description("The hash algorithm used to encrypt user passwords. Valid types: \"sha512\", \"sha256\" and \"md5\". Append with \"-xp\" for the xp supported algorithms.")]
public string HashAlgorithm = "sha512";
/// <summary>Determines the BCrypt work factor to use. If increased, all passwords will be upgraded to new work-factor on verify.
/// The number of computational rounds is 2^n. Increase with caution. Range: 5-31.</summary>
[Description("Determines the BCrypt work factor to use. If increased, all passwords will be upgraded to new work-factor on verify. The number of computational rounds is 2^n. Increase with caution. Range: 5-31.")]