On Thu, Oct 11, 2018, at 13:56, Thomas Bruyelle wrote: > Unfortunately, because of that version mismatch, all my users' hashes were > created with a version not supported by golang.org/x/crypto/argon2, so I > can't migrate :/
I hope no problems are ever discovered in Argon2 then, it's generally a good idea to have some sort of system for migrating hashes :) For example, when the user next logs in you could verify that he hash is correct, but also calculate the new hash and update it and set a prefix or a bit in the database somewhere saying that they're on "hash mechanism v2". There's no need to force reset every password all at once since this isn't a security issue. —Sam -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.