use bcrypt as default password hashing algo

argon2id has a high memory cost and, if not properly tuned, it can lead to resource starvation. Advanced users can still configure and use argon2id. Passwords stored as argon2id will continue to work
2025-12-07 23:00:55 +03:00 · 2021-04-25 09:38:33 +02:00
parent 74b51f0ad3
commit 46998252e5
10 changed files with 70 additions and 27 deletions
--- a/dataprovider/admin.go
+++ b/dataprovider/admin.go
@@ -66,7 +66,7 @@ type Admin struct {

 func (a *Admin) checkPassword() error {
 	if a.Password != "" && !strings.HasPrefix(a.Password, argonPwdPrefix) {
-		if config.PasswordHashingAlgo == HashingAlgoBcrypt {
+		if config.PasswordHashing.Algo == HashingAlgoBcrypt {
 			pwd, err := bcrypt.GenerateFromPassword([]byte(a.Password), config.PasswordHashing.BcryptOptions.Cost)
 			if err != nil {
 				return err