Codeberg has changed its Terms of Use to allow more licenses for your projects. For more information, read our blog post.

This website requires JavaScript.

forgejo/docs

forgejo/docs

Code Issues 54 Pull requests 19 Activity Actions

Write recommendations for a suitable value for `[security].PASSWORD_HASH_ALGO` #1204

New issue

Open

opened 2025年05月28日 13:16:38 +02:00 by Gusted · 0 comments

Gusted commented

2025年05月28日 13:16:38 +02:00

Owner

Copy link

There should be a recommendation written in the recommendations page for what a sensible value for [security].PASSWORD_HASH_ALGO is. The default pbkdf2_hi is very CPU-bound and easily slow down individual requests by 500ms, argon2 and scrypt are more memory-bound and would still offer the equivalent security.

There should be a recommendation written in [the recommendations page](https://forgejo.org/docs/latest/admin/recommendations/) for what a sensible value for `[security].PASSWORD_HASH_ALGO` is. The default `pbkdf2_hi` is very CPU-bound and easily slow down individual requests by 500ms, `argon2` and `scrypt` are more memory-bound and would still offer the equivalent security.

Sign in to join this conversation.

No Branch/Tag specified

next

cli

v14.0

v13.0

v11.0

v12.0

bp-v12.0-a6c8557

v7.0

v10.0

v9.0

v8.0

v1.21

v1.20

v1.19

Labels

Clear labels

Broken links or missing content

Changes which should be backported to the v1.19 docs

Archived

Changes which should be backported to the v1.20 docs

Archived

Changes which should be backported to the v1.21 docs

Archived

Automated backport to v10.0

Archived

Automated backport to v11.0

Automated backport to v12.0

Archived

Automated backport to v13.0

Automated backport to v14.0

Automated backport to the v7.0 docs

Archived

Automated backport to the v8.0 docs

Archived

Automated backport to the v9.0 docs

Archived

good first issue

This issue is suitable for "drive-by contributors" wanting to contribute for the first time, and fixing it should be straightforward.

Tooling and processes for maintaining the docs

Content to be added to the documentation

Archived

User research - Accessibility

Requires input about accessibility features, likely involves user testing.

User research - Blocked

Do not pick as-is! We are happy if you can help, but please coordinate with ongoing redesign in this area.

User research - Community

Community features, such as discovering other people's work or otherwise feeling welcome on a Forgejo instance.

User research - Config (instance)

Instance-wide configuration, authentication and other admin-only needs.

User research - Errors

How to deal with errors in the application and write helpful error messages.

User research - Filters

How filter and search is being worked with.

User research - Future backlog

The issue might be inspiring for future design work.

User research - Git workflow

AGit, fork-based and new Git workflow, PR creation etc

User research - Labels

Active research about Labels

User research - Moderation

Moderation Featuers for Admins are undergoing active User Research

User research - Needs input

Use this label to let the User Research team know their input is requested.

User research - Notifications/Dashboard

Research on how users should know what to do next.

User research - Rendering

Text rendering, markup languages etc

User research - Repo creation

Active research about the New Repo dialog.

User research - Repo units

The repo sections, disabling them and the "Add more" button.

User research - Security

User research - Settings (in-app)

How to structure in-app settings in the future?

No labels

good first issue

User research - Accessibility

User research - Blocked

User research - Community

User research - Config (instance)

User research - Errors

User research - Filters

User research - Future backlog

User research - Git workflow

User research - Labels

User research - Moderation

User research - Needs input

User research - Notifications/Dashboard

User research - Rendering

User research - Repo creation

User research - Repo units

User research - Security

User research - Settings (in-app)

Clear milestone

No items

No milestone

Clear projects

No items

No project

Clear assignees

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

forgejo/docs#1204

No description provided.

Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?