Skip to content

Hash Passwords #9

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Binit08 opened this issue Apr 8, 2025 · 3 comments · May be fixed by #42
Open

Hash Passwords #9

Binit08 opened this issue Apr 8, 2025 · 3 comments · May be fixed by #42
Assignees
@Eshan549
Labels
Medium - 10 points

Comments

@Binit08
Copy link

Binit08 commented Apr 8, 2025

Difficulty: 🟡 Medium
Labels: enhancement, security, auth

📝 Description:
Currently, passwords are stored in plain text in the database, which poses a major security risk. If the database is compromised, all user credentials are exposed.

🎯 Goal:
Use a cryptographic hashing library such as OpenSSL or bcrypt to securely store hashed passwords instead of raw text.
@Eshan549
Copy link

Hi @Binit08 bhaiya,
I'd like to quickly resolve this issue. My plan is to implement bcrypt hashing using libbcrypt to ensure passwords are stored securely. Given the urgency, I'll submit the PR within 24 hours.

Could you please assign this issue to me promptly?
Thanks!

@rupjyoti-patgiri
Copy link
Collaborator

Assigned

@HilariousSoupXD
Copy link
Contributor

HilariousSoupXD commented Apr 11, 2025
edited
Loading

Since Eshan549 hasn't yet made a PR, I would like to offer my idea to fix the above solution:

  1. Hash passwords before inserting them into the DB.
  2. Verify password input by hashing it and comparing with stored hash.
  3. Use SHA-256f hashing.

I understand this issue has already been assigned but would none the less appreciate if my PR would be considered as well. Other than that, it's a fun problem to tackle and the experience alone would suffice otherwise.

Eshan549 added a commit to Eshan549/ComplaintBox_CPP that referenced this issue Apr 11, 2025
@Eshan549
Fix: Secure password storage using bcrypt hashing (Fixes ComputerScie…
ca08852 
…nceSoceityNITS#9)
@Eshan549 Eshan549 linked a pull request Apr 11, 2025 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Eshan549 Eshan549

Labels
Medium - 10 points
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix: Secure password storage using bcrypt hashing (Fixes #9) Eshan549/ComplaintBox_CPP
4 participants
@HilariousSoupXD @Binit08 @Eshan549 @rupjyoti-patgiri