Typo in /prologue/security/hashers.nim

[zr0z]

Hi,

There is a typo in the hasher signature for pbkdf2_sha256.

prologue/src/prologue/security/hasher.nim

Line 32 in 0858faa

result = fmt"pdkdf2_sha256${salt}${iterations}${output}"

Should be

result = fmt"pbkdf2_sha256${salt}${iterations}${output}"

The algorithm name is also wrong in pbkdf2_sha256verify :

prologue/src/prologue/security/hasher.nim

Line 66 in 0858faa

if algorithm != "pdkdf2_sha1":

I can create the PR for the fix but it will be a breaking change for people using this hasher, as pbkdf2_sha256verify would fail for already stored password digests.

On a side note, in the Python world, Passlib and Django are using pbkdf2_sha256${iterations}${salt}${hash}, so I was wondering if it would make sense to provide a compatible implementation, in parallel to the existing one.

I can create the necessary PRs if needed.

[ringabout]

Hi, thanks for reporting this issue. Since this module is not used internally, maybe we should deprecate this module. Eventually they can be implemented externally.

[ringabout]

so I was wondering if it would make sense to provide a compatible implementation, in parallel to the existing one.

If you want to implement it under the planety organization, I can invite you as a member.

[zr0z]

If you want to implement it under the planety organization, I can invite you as a member.

That's a great offer, thank you very much. Let me think about it!