From c474b62d167e44b536e14abc9cc5c2a2e0d6e0bc Mon Sep 17 00:00:00 2001 From: arzumify Date: Sun, 25 Feb 2024 19:38:36 +0000 Subject: [PATCH] Update APIDOCS.md --- APIDOCS.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/APIDOCS.md b/APIDOCS.md index f2d0882..7544c97 100644 --- a/APIDOCS.md +++ b/APIDOCS.md @@ -13,21 +13,29 @@ To prevent the server from knowing the encryption key, the password you provide If you wish to change the user's password, set "changepassword" to "yes" and "newpass" to the new hash. -Some users use the legacy argon2id mode (by which i mean about 8), and to implement argon2id functionality, you hash like this: + +Some users use the legacy argon2id mode (by which i mean about 8, so only implement if you feel like it), and to implement argon2id functionality, you hash like this: Parallelism should be 1 + Iterations should be 256 + Memory Allocated in bytes should be 512 + Length of Hash should be 32 bytes + The output should be in the encoded format, not the hashed format + Salt should be the SHA512 of the password + (Yes i know this is really bad practice, guess why we are replacing it) To test if SHA-3 or argon2 is used, just try the SHA-3 and if 422 gets returned try argon2. (For the sake of all of us, change the password to the SHA-3 hash) + Password should be at least 8 characters, username must be under 20 characters and alphanumeric. If username is taken, error code 422 will return.