letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Document how to migrate passwords from Synapse with a pepper set (#4353)

Browse Source
This commit is contained in:
Quentin Gliech
2025-04-11 16:40:14 +02:00
committed by GitHub
parent 0fe9f69df2 b802f8f173
commit 32f19afec6
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docs/setup/migration.md
View File

@@ -45,6 +45,7 @@ Follow the instructions in the [installation guide](installation.md) to install
Synapse uses bcrypt as its password hashing scheme while MAS defaults to using the newer argon2id.
You will have to configure the version 1 scheme as bcrypt for migrated passwords to work.
It is also recommended that you keep argon2id as version 2 so that once users log in, their hashes will be updated to the newer recommended scheme.
If you have a `pepper` set in the `password_config` section of your Synapse config, then you need to specify this `pepper` as the `secret` field for your `bcrypt` scheme.
Example passwords configuration:
```yml
@@ -53,6 +54,8 @@ passwords:
schemes:
- version: 1
algorithm: bcrypt
# Optional, must match the `password_config.pepper` in the Synapse config
#secret: secretPepperValue
- version: 2
algorithm: argon2id
```