Skip to content

Documentation should not reference external BCrypt tool #5698

New issue
New issue
Closed
Closed
Documentation should not reference external BCrypt tool#5698
Labels
SecurityactionableClear and specific issues ready for anyone to take them.good first issueIdeal for your first contribution! (some Symfony experience may be required)hasPRA Pull Request has already been submitted for this issue.
@AndrewCarterUK

Description

@AndrewCarterUK
AndrewCarterUK
opened on Sep 16, 2015

Currently the documentation suggests using this online tool to generate BCrypt hashes.

Although this tool may have been set up with the best of intentions - we have no way of proving that the operator is not farming the input BCrypt hashes (or that the service has not been compromised).

I think these references in the documentation should be removed, as it is not a good security practice to generate password hashes like this.

Metadata

Metadata

Assignees

No one assigned

    Labels

    SecurityactionableClear and specific issues ready for anyone to take them.good first issueIdeal for your first contribution! (some Symfony experience may be required)hasPRA Pull Request has already been submitted for this issue.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions