letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Document password scheme secret field for migrations

Browse Source 
Signed-off-by: Samuel Lorch sam@soontm.de
This commit is contained in:
Samuel Lorch
2025-04-11 11:45:28 +02:00
parent 2482911281
commit 4b073ea079
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docs/setup/migration.md
View File

@@ -45,6 +45,7 @@ Follow the instructions in the [installation guide](installation.md) to install
Synapse uses bcrypt as its password hashing scheme while MAS defaults to using the newer argon2id.
You will have to configure the version 1 scheme as bcrypt for migrated passwords to work.
It is also recommended that you keep argon2id as version 2 so that once users log in, their hashes will be updated to the newer recommended scheme.
If you have set a pepper in the Synapses password_config section of your homeserver.yaml then you need to specify this pepper as the secret field for your bcrypt scheme. Otherwise logins with the correct Password will fail.
Example passwords configuration:
```yml
@@ -53,6 +54,8 @@ passwords:
schemes:
- version: 1
algorithm: bcrypt
# Optional, The secret field is the equivalent to Synapses password_config pepper.
secret: secretPepperValue
- version: 2
algorithm: argon2id
```