Hardcode session encryption cost for migration (#2395)
**Why**: In #2353 we changed the scrypt cost, which affected the session
encryptor, causing sessions encrypted by old and new hosts to be
incompatible. This commit hardcodes the cost in the deprecated encryptor
so that the sessions will be compatible between hosts.
jmhooper authored Aug 1, 2018
1 parent 0825840 commit 4ebdba3
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -18,7 +18,7 @@ def self.load_or_init_user_access_key

key = Figaro.env.session_encryption_key
user_access_key = UserAccessKey.new(
password: key, salt: OpenSSL::Digest::SHA256.hexdigest(key)
password: key, salt: OpenSSL::Digest::SHA256.hexdigest(key), cost: '4000$8$4$'
)
@user_access_key_scrypt_hash = user_access_key.as_scrypt_hash
user_access_key
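Review bot: the `cost: '4000$8$4$'` literal passed to `UserAccessKey.new(` is an unexplained magic string, and nothing in `load_or_init_user_access_key` says why it must stay fixed. Since the commit message states that a cost change in #2353 made sessions from old and new hosts incompatible, pull the value into a named constant with a comment that it is the cost in use before #2353 and is pinned for the deprecated encryptor only, so a later tuning of the scrypt cost does not silently change it again. A spec that decrypts a session produced with this cost would catch a regression; none is included in this one-file change. Separately, on the unchanged part of that line, the salt is `OpenSSL::Digest::SHA256.hexdigest(key)`, so it is fully determined by the key; that is worth a comment noting it is intentional for this deprecated path.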
