request #42196 Migrate to Argon2id to store password

Infos

Artifact ID#42196

Submitted byThomas Gerbet (tgerbet)

Last Modified On2025-03-11 16:28

Submitted on2025-03-07 10:59

Rank43864

Details

Summary *

Migrate to Argon2id to store password

Original Submission

Tuleap is currently using bcrypt which is still fine and adequate however the 72 bytes limit can be a source of issue. It is possible to disable this footgun I would prefer to avoid introducing a custom hash construction so migrating to Argon2id is easier.

CategoryOther

Reported in versionAll

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toThomas Gerbet (tgerbet)

StatusClosed

Close date2025-03-11

Attachments

Connected artifacts

Artifact links

Releases

Fixed in

	Artifact ID	Project	Tracker	Summary	Status	Last Update Date	Submitted By	Assigned to
	rel #41092	Tuleap	Releases	16.6	Under development	2025-03-04 11:52	Manuel Vacelet (vaceletm)

Reverse artifact links

Empty

AttachmentsEmpty

References

Cross references

Referencing request #42196

Git commit

tuleap/tuleap/stable

feat: request #42196 Migrate to Argon2id to store password 3b283076e2

Thomas Gerbet (tgerbet) , 2025-03-07 11:31

Merge commit 'refs/changes/00/33700/1' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD a2a0f8735b

Marie Ange Garnier (marieange) , 2025-03-11 16:21

Show items referenced by request #42196

Referenced by request #42196

Artifact Tracker v5

rel #41092 16.6

Git commit

tuleap/tuleap/stable

feat: request #42196 Migrate to Argon2id to store password 3b283076e2

Thomas Gerbet (tgerbet) , 2025-03-07 11:31

Other

Follow-ups

Marie Ange Garnier (marieange)

2025-03-11 16:28

Connected artifacts
- Added Fixed in: rel #41092

Tracker Workflow Manager (forge__tracker_workflow_manager)

2025-03-11 16:22

Implemented by @tgerbet with git #tuleap/stable/3b283076e2d0a01b94ff3d5314bd825ad8c8b0b3.

Status changed from Under review to Closed
Close date set to 2025-03-11

Thomas Gerbet (tgerbet)

2025-03-07 11:33

See gerrit #33700.

Status changed from Under implementation to Under review