paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-04 05:53:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs: Document password hashing change from PBKDF2 to Argon2.

Browse Source 
This changed in commit 483a351d44
(#3410).

Signed-off-by: Anders Kaseorg <anders@zulip.com>
This commit is contained in:
Anders Kaseorg
2021-05-14 12:47:55 -07:00
committed by Tim Abbott
parent 056e7d1a36
commit e3c570401e
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
docs/production/security-model.md
View File

@@ -43,7 +43,10 @@ announcement).
### Passwords
Zulip stores user passwords using the standard PBKDF2 algorithm.
Zulip stores user passwords using the standard Argon2 and PBKDF2
algorithms. Argon2 is used for all new and changed passwords as of
Zulip Server 1.6.0, but legacy PBKDF2 passwords that were last changed
before the 1.6.0 upgrade are still supported.
When the user is choosing a password, Zulip checks the password's
strength using the popular [zxcvbn][zxcvbn] library. Weak passwords