I suggest you ...

Implement BCrypt or SCrypt for IHashProvider

ServiceStack/Auth/SaltedHash.cs appears to implement one round of a HashAlgorithm. This constrains the user to KeyedHashAlgorithm, MD5, RIPEMD160, SHA1, SHA256, SHA384, and SHA512, none of which are suitable for hashing passwords.

Would the ServiceStack project consider one of the existing BCrypt or SCrypt implementations in the GitHub community (for example viniciuschiele/Scrypt) or does it require that the library be professionally audited by penetration testers?

Would it accept a contribution given a valid CLA?

1 vote
Vote
Sign in
(thinking…)
Password icon
Signed in as (Sign out)
You have left! (?) (thinking…)
Adrian Cohea shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
declined  ·  AdminDemis J Bellot (Developer, ServiceStack) responded  · 

No we can’t force any additional dependencies to the core ServiceStack.dll but you can use your own custom HashProvider by registering it in the IOC, e.g:

container.Register(c =>
new MyCustomHash());

0 comments

Sign in
(thinking…)
Password icon
Signed in as (Sign out)
Submitting...

Feedback and Knowledge Base