Security Journey

The password storage vulnerability is not fixed. Passwords are not being hashed by Argon2 correctly.

Ensure the Argon2 hashing function is being called correctly. See the Remediation step for specific code examples on how to call the function; ensure the arguments you are providing are the correct type. Verify that you are inserting the hash into the <code>password</code> column within the <code>user</code> table.

Register a new user and look at the User Registry tab. If you are calling the hashing function correctly, the password column should contain a hash that looks similar to this:

Ensure the different parts that make up the hash string are the expected values:

Variation should be <code>argon2id</code>

- Variation should be <code>argon2id</code>
- Memory cost should be <code>65536</code>
- Time cost should be <code>3</code>

If any of these values do not match what you see in the password column, examine your <code>register</code> function for bugs.

Vulnerability Is Not Fixed (Secure Password Storage: Part 3 Lesson)

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you

Issue:

Test 1:

Test 2: