Argon2id self-migrating secret hashing: hashPassword/hashRecoveryPhrase now use argon2id (OWASP params); verifyPassword detects algo by prefix and verifies both argon2id and legacy bcrypt; needsRehash() flags bcrypt hashes; callers rehash on next successful login; cli init upgraded; legacy bcrypt path covered by tests (v1.56.122)
$ koh steal kepr.uk/kepr@6b5c25c000a2
·
parent: ab97191f9f0d
discussion
log in to leave a comment.