Password hashing algorithm changes

PR 1201 changes the hashing algorithm for passwords from SCrypt to BCrypt in a backward-compatible manner. Old (SCrypt type) passwords can still be used. New passwords will be hashed with BCrypt.

Hi @subotic, I was wondering what the reason was for this switch?

Mainly this article:

But for me, it boils down to ease of use and here I find BCrypt easier. There is only one parameter and it can be configured in application.conf.

Anyway, someday we should add two-factor authentication. I don’t find using only passwords very secure. Also, we could add support for different password hashing algorithms which could then be configured.

Hmm, now there is also Argon2:

I’m not sure I fully understand, but as you prefer.