Update password hashing algorithm #2216

New issue

Open

opened 2026-02-28 01:07:30 -05:00 by deekerman · 1 comment

deekerman commented 2026-02-28 01:07:30 -05:00

Owner

Copy link

Originally created by @MichaIng on GitHub (May 5, 2022).

SHA1 is ancient and simple to brute-force. We should switch to something modern, like pbkdf2_hmac, available without 3rd party libraries: https://nitratine.net/blog/post/how-to-hash-passwords-in-python/

But to not lock out users, we must keep SHA1 as fallback, e.g. we can derive the algorithm of the stores hash to derive whether it's still SHA1 and in case on login prompt the user to re-set it so that it is stores with new algorithm.

Originally created by @MichaIng on GitHub (May 5, 2022). SHA1 is ancient and simple to brute-force. We should switch to something modern, like pbkdf2_hmac, available without 3rd party libraries: https://nitratine.net/blog/post/how-to-hash-passwords-in-python/ But to not lock out users, we must keep SHA1 as fallback, e.g. we can derive the algorithm of the stores hash to derive whether it's still SHA1 and in case on login prompt the user to re-set it so that it is stores with new algorithm.

deekerman added the

security

Python

labels 2026-02-28 01:07:30 -05:00

deekerman commented 2026-02-28 01:07:34 -05:00

Author

Owner

Copy link

@Trigger-EX commented on GitHub (Dec 2, 2023):

+1

@Trigger-EX commented on GitHub (Dec 2, 2023): +1

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

enh/handle-mpg

enh/editable-admin-name

dev

copilot/sub-pr-3273

enh/conversion-specifier

beta

sendmail

python2

0.43.1

0.43.1b5

0.43.1b4

0.43.1b3

0.43.1b2

0.43.1b1

0.42.1

0.42

0.41

0.41rc1

0.40

0.40rc5

0.40rc4

0.40rc3

0.40rc2

0.40rc1

0.39.3

0.39.2

0.39.1

0.39

0.38.1

0.38

0.37.1

0.37

0.37rc1

0.36.1

0.36

0.35.2

0.35.1

0.35

0.35rc1

0.34.1

0.34

0.34rc1

0.33.4

0.33.3

0.33.2

0.33.1

0.33

0.32.1

0.32

0.31.5

0.31.4

0.31.3

0.31.2

0.31.1

0.31

0.30

0.30rc2

0.30rc1

0.29.1

0.29

0.29rc2

0.29rc1

0.28.3

0.28.2

0.28.1

0.28

0.27.2

0.27.1

0.27

0.26

0.25.2

0.25.1

0.25

0.24

0.23

0.22

0.21

0.20

0.19

0.18

0.17

0.16

0.15

0.14

0.13

0.12

0.11

0.10

0.9

0.8

0.7

0.6

0.5

0.4

0.3

0.2

0.1

Labels

Clear labels   

Android app

  

Arch Linux

  

CI/CD

  

CSS

  

FreeBSD

  

HTML/HTTP

  

Home Assistant addon

  

JavaScript

  

Python

  

Raspberry Pi

  

Stale No Activity 60 Days

  

bug

  

code format

  

dependencies

  

dev branch

  

docker

  

documentation

  

duplicate

  

enhancement

  

feature

  

help wanted

  

i18n/l10n

  

invalid

  

legacy motionEye

  

meta

  

motion

  

motionEyeOS

  

notourproblem

  

python update

  

question

  

question

  

security

  

troubleshooting

  

wontfix

  

wontfix

No labels

Android app

Arch Linux

CI/CD

CSS

FreeBSD

HTML/HTTP

Home Assistant addon

JavaScript

Python

Raspberry Pi

Stale No Activity 60 Days

bug

code format

dependencies

dev branch

docker

documentation

duplicate

enhancement

feature

help wanted

i18n/l10n

invalid

legacy motionEye

meta

motion

motionEyeOS

notourproblem

python update

question

question

security

troubleshooting

wontfix

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/motioneye#2216

No description provided.