-
- Downloads
!!! BREAKING CHANGE !!! Switch to the proven memory-hard password-hashing...
!!! BREAKING CHANGE !!! Switch to the proven memory-hard password-hashing alogorithm BALLOON. The stored password hash will be upgraded on the first successdful login. To wave the necessity to implement BALLOON with every client trying to access the API, we remove the existing challenge-response authentication in favor of allowing login straight with the password. This has been avoided in the past, however, seems now acceptable that FTL (even by default) offers secure end-to-end encryption over HTTPS.
Signed-off-by: 
DL6ER <dl6er@dl6er.de>
Showing
- .github/workflows/build.yml 1 addition, 1 deletion.github/workflows/build.yml
- src/CMakeLists.txt 2 additions, 2 deletionssrc/CMakeLists.txt
- src/FTL.h 0 additions, 6 deletionssrc/FTL.h
- src/api/auth.c 103 additions, 217 deletionssrc/api/auth.c
- src/api/config.c 11 additions, 1 deletionsrc/api/config.c
- src/api/docs/content/specs/auth.yaml 19 additions, 33 deletionssrc/api/docs/content/specs/auth.yaml
- src/config/cli.c 11 additions, 1 deletionsrc/config/cli.c
- src/config/password.c 296 additions, 1 deletionsrc/config/password.c
- src/config/password.h 1 addition, 0 deletionssrc/config/password.h
- src/lua/ftl_lua.c 1 addition, 1 deletionsrc/lua/ftl_lua.c
- src/webserver/x509.c 4 additions, 4 deletionssrc/webserver/x509.c
- src/webserver/x509.h 4 additions, 1 deletionsrc/webserver/x509.h
- test/api/checkAPI.py 1 addition, 1 deletiontest/api/checkAPI.py
- test/api/json/add_password.json 1 addition, 1 deletiontest/api/json/add_password.json
- test/api/libs/FTLAPI.py 11 additions, 50 deletionstest/api/libs/FTLAPI.py
- test/test_suite.bats 8 additions, 20 deletionstest/test_suite.bats
Loading
Please register or sign in to comment