bitwarden / jslib

Common code referenced across Bitwarden JavaScript projects.

Home Page: https://bitwarden.com

License: GNU General Public License v3.0

TypeScript 98.47% HTML 0.24% JavaScript 0.29% CSS 0.17% Shell 0.01% SCSS 0.83%
bitwarden typescript webcrypto angular electron

jslib's Introduction

Bitwarden



Bitwarden Client Applications

This repository houses all Bitwarden client applications except the Mobile application.

Please refer to the Clients section of the Contributing Documentation for build instructions, recommended tooling, code style tips, and lots of other great information to get you started.

Related projects:

We're Hiring!

Interested in contributing in a big way? Consider joining our team! We're hiring for many positions. Please take a look at our Careers page to see what opportunities are currently open as well as what it's like to work at Bitwarden.

Contribute

Code contributions are welcome! Please commit any pull requests against the main branch. Learn more about how to contribute by reading the Contributing Guidelines. Check out the Contributing Documentation for how to get started with your first contribution.

Security audits and feedback are welcome. Please open an issue or email us privately if the report is sensitive in nature. You can read our security policy in the SECURITY.md file.

jslib's People

Contributors

addisonbeck, alelapeyre, amgarera, cscharf, devsecdan, differsthecat, djsmith85, eliykat, gbubemismith, h44z, hinton, jlf0dev, justindbaur, kspearrin, linusaarnio, mcfedr, mesarth, mgibson1, michaelhonan, mkanavakatini, mtgto, neilsb, paulvii, psiniemi, serviushack, snyk-bot, spiderpug, vgrassia, vincentsalucci, xusoo


jslib's Issues

"duo_web_sdk" dependency is used by "angular" package but the dependency is declared elsewhere

Hi Bitwarden team,

I noticed that the two-factor.component.ts file imports 'duo_web_sdk', however this dependency is nowhere declared in angular or jslib package.

It is actually declared in the desktop package's package.json.

I'm not sure if it's intentional, but it seems like the dependency should be declared at where it is used, i.e. in jslib/angular/package.json.

I'm the maintainer of the Arch User Repository of bitwarden (https://aur.archlinux.org/packages/bitwarden/) and our current build script complains when two-factor.component.ts tries to import a dep that's not declared in the package. It seems to build fine if I patch jslib/angular/package.json tho.

Thanks

Toggle Visibility of the master password move cursor to start of input

On Chrome, when you toggle visibility of the master password, the cursor moves to the start of the input field. Noticed it does this on Chrome web vault and Chrome browser extension. I tried on Safari and can't reproduce this issue.

There was an issue (browser#2178) opened in the browser repo but since the code is in jslib, thought I'd open an issue here. I have a workaround but was wondering if this was already tackled before I open a pull request.

In what file/function is search performed?

I am a BW user. One of my biggest gripes is the lousy search algorithm that uses OR instead of AND. I've seen very old feature requests in the forums but no change/update. I'm a programmer so I thought I'd see if I could clone the repo and make some changes myself. I looked through the code; it's pretty complex.

Looking through the web code, I thought the search algorithm would be defined in jslib/abstractions/search.service but I can't figure out where to go from there.

If I spend a few days/weeks I could probably find the relevant area I need to tweak.

In the interest of time, I'm hoping someone could point me to the file/function responsible for actually doing the search. I just want to change the logic to use AND instead of OR.

Any pointers are appreciated.

1password import misses a bunch of things

1password import does not import 1p identities as bitwarden identities

I imported a 1pif file which contained several identities. They were imported as secure notes, even though bitwarden has an identity type. You can tell they are identities by looking at this field: "typeName":"identities.Identity"

1password imports trashed items with no differentiation

The 1pif file does tag trashed items with a "trashed":true, tag. Maybe bitwarden can automatically put them in one category for easy categorization, such as a '1password import trashed items'. Another alternative would be to implement a trashbin feature and put those imported items into the new trashbin.

1 password import does not import the password part of password items

In a 1pif import "typeName":"passwords.Password" items do not have their password fields imported, but instead show up as weird stub items.

"typeName":"webforms.WebForm" do seem to get imported properly.

This came from a 1password 6.8.9 export

1password import does not import password history

There are password history fields in 1pif items ("passwordHistory":), so it's something bitwarden could import too.

1password import doesn't import attachments

For example, I have pictures attached to my credit cards and id card items. 1 password export does export the attachments, but bitwarden import does not.

KeepassXCsvImporter does not create subfolders of subfolders

When importing an exported CSV file from KeepassX, the import does not create subfolders of subfolders.

Example:
CSV contains test/test2/test3
This will create a folder called test, with a subfolder called test2/test3 instead of a folder called test2 which contains test3.

Workaround:
Export to XML with Keepass2, and import XML with Bitwarden

Slight bias in password generation

(14! * 8 * 57^13) % (57^14 - 49^14) should be 0 but isn't. That's for the default password generation but is true for all(?) others with minimums. Here's a slightly more general formula: (length! * digitCharSetLength^minDigits * charSetLength^(length-minDigits)) % (charSetLength^length - (charSetLength-digitCharSetLength)^length) ?=? 0. Having more than one minimum complicates this formula and is beside the point.

Fixing this is a little complicated so this should either be mentioned as a comment in the code or actually fixed.
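
An added example, not from the original issue or from jslib: it evaluates the issue's formula with BigInt and then enumerates a constructed three-character alphabet to show which password is over-represented. It assumes the generator reserves the minimum-digit slots, shuffles the slot order, then fills each slot from its character set (the model the formula counts); all function names are hypothetical.

```javascript
// Added example (not jslib code). Assumed generator model: reserve `minDigits`
// digit-only slots, shuffle the slot order uniformly, fill each slot from its set.

function factorial(n) {
  let f = 1n;
  for (let i = 2n; i <= BigInt(n); i++) f *= i;
  return f;
}

// The issue's formula: number of equally likely generation paths, modulo the
// number of valid passwords (counted as "at least one digit", as in the issue).
// A non-zero remainder means the paths cannot be split evenly over the passwords.
function biasRemainder(length, digitSetLen, charSetLen, minDigits) {
  const L = BigInt(length), d = BigInt(digitSetLen);
  const c = BigInt(charSetLen), m = BigInt(minDigits);
  const paths = factorial(length) * d ** m * c ** (L - m);
  const valid = c ** L - (c - d) ** L;
  return paths % valid;
}

// Every ordering of the slots, counted with multiplicity (what a uniform
// shuffle of `length` distinct array positions produces).
function permutations(items) {
  if (items.length <= 1) return [items.slice()];
  const out = [];
  items.forEach((item, i) => {
    const rest = items.slice(0, i).concat(items.slice(i + 1));
    for (const p of permutations(rest)) out.push([item, ...p]);
  });
  return out;
}

// Exact path count per password under the assumed "reserve, shuffle, fill" model.
function pathCounts(length, minDigits, digits, all) {
  const slots = Array.from({ length }, (_, i) => (i < minDigits ? digits : all));
  const counts = new Map();
  for (const order of permutations(slots)) {
    let partial = [""];
    for (const set of order) {
      partial = partial.flatMap((prefix) => [...set].map((ch) => prefix + ch));
    }
    for (const pw of partial) counts.set(pw, (counts.get(pw) || 0) + 1);
  }
  return counts;
}

// Unbiased alternative: draw every character from the full set and reject
// results that miss the minimum. Each surviving password has exactly one path.
function rejectionCounts(length, minDigits, digits, all) {
  let strings = [""];
  for (let i = 0; i < length; i++) {
    strings = strings.flatMap((prefix) => [...all].map((ch) => prefix + ch));
  }
  const counts = new Map();
  for (const pw of strings) {
    const n = [...pw].filter((ch) => digits.includes(ch)).length;
    if (n >= minDigits) counts.set(pw, 1);
  }
  return counts;
}

// Constructed toy case: alphabet "ab1", digit set "1", length 2, at least 1 digit.
const biased = pathCounts(2, 1, "1", "ab1");
const uniform = rejectionCounts(2, 1, "1", "ab1");
console.log("reserve/shuffle/fill:", Object.fromEntries(biased));
console.log("rejection sampling:  ", Object.fromEntries(uniform));
console.log("default-settings remainder:", biasRemainder(14, 8, 57, 1));
```

In the toy case the all-digit password is reachable from both slot orders, so it is twice as likely as the other four; rejection sampling reaches each valid password by one path.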

error: cannot decrypt

Hi, I am seeing error: cannot decrypt when using bitwarden. Issue seems to happen most often when computer (either mac or pc) comes back on from sleep mode. In order to resolve, I often have to exit all chrome windows and restart chrome.

Any ideas on how to resolve the root problem? Any details I can gather to help troubleshoot this issue?

Screenshot: https://i.imgur.com/ibAz6vo.png

Details:

  • Chrome version 98.0.4758.80
  • Mac OS Catalina

Please advise.

compile issue with electron 12

When building jslib (as part of bitwarden) I get these errors, which I assume is because we switched to electron 12:

[Main] [24] ./src/main.ts + 17 modules 86.7 KiB {0} [built] [1 warning]
[Main]      | ./src/main.ts 7.8 KiB [built]
[Main]      | ./src/services/i18n.service.ts 979 bytes [built]
[Main]      | ./src/main/menu.main.ts 20.7 KiB [built]
[Main]      | ./src/main/messaging.main.ts 5.21 KiB [built]
[Main]      | ./src/main/powerMonitor.main.ts 3.15 KiB [built]
[Main]      | ../jslib-f80e89465ffc004705d2941301c0ffb6bfd71d1a/src/electron/keytarStorageListener.ts 1.77 KiB [built]
[Main]      | ../jslib-f80e89465ffc004705d2941301c0ffb6bfd71d1a/src/electron/services/electronLog.service.ts 1.19 KiB [built]
[Main]      | ../jslib-f80e89465ffc004705d2941301c0ffb6bfd71d1a/src/electron/services/electronMainMessaging.service.ts 444 bytes [built]
[Main]      | ../jslib-f80e89465ffc004705d2941301c0ffb6bfd71d1a/src/electron/services/electronStorage.service.ts 769 bytes [built]
[Main]      | ../jslib-f80e89465ffc004705d2941301c0ffb6bfd71d1a/src/electron/tray.main.ts 6.31 KiB [built]
[Main]      | ../jslib-f80e89465ffc004705d2941301c0ffb6bfd71d1a/src/electron/updater.main.ts 6.42 KiB [built]
[Main]      | ../jslib-f80e89465ffc004705d2941301c0ffb6bfd71d1a/src/electron/window.main.ts 11.9 KiB [built] [1 warning]
[Main]      | ./src/main/nativeMessaging.main.ts 9.2 KiB [built]
[Main]      | ../jslib-f80e89465ffc004705d2941301c0ffb6bfd71d1a/src/electron/utils.ts 1.07 KiB [built]
[Main]      | ../jslib-f80e89465ffc004705d2941301c0ffb6bfd71d1a/src/electron/baseMenu.ts 6.46 KiB [built]
[Main]      |     + 3 hidden modules
[Main] [25] ./src/entry.ts + 3 modules 6.04 KiB {0} [built]
[Main]      | ./src/entry.ts 1.01 KiB [built]
[Main]      | ./src/proxy/native-messaging-proxy.ts 580 bytes [built]
[Main]      | ./src/proxy/ipc.ts 1.45 KiB [built]
[Main]      | ./src/proxy/nativemessage.ts 3 KiB [built]
[Main]     + 11 hidden modules
[Main] 
[Main] WARNING in ../jslib-f80e89465ffc004705d2941301c0ffb6bfd71d1a/src/electron/window.main.ts
[Main] Module Warning (from ./node_modules/tslint-loader/index.js):
[Main] [121, 17]: members are not aligned
[Main] [122, 17]: members are not aligned
[Main] [123, 17]: members are not aligned
[Main] [124, 17]: members are not aligned
[Main] 
[Main]  @ ./src/main.ts 24:0-56 77:30-40
[Main]  @ ./src/entry.ts
[Main] 
[Main] ERROR in /build/bitwarden/src/desktop-1.25.0/jslib/src/electron/window.main.ts
[Main] [tsl] ERROR in /build/bitwarden/src/desktop-1.25.0/jslib/src/electron/window.main.ts(124,17)
[Main]       TS1117: An object literal cannot have multiple properties with the same name in strict mode.
[Main] 
[Main] ERROR in /build/bitwarden/src/desktop-1.25.0/jslib/src/electron/window.main.ts
[Main] [tsl] ERROR in /build/bitwarden/src/desktop-1.25.0/jslib/src/electron/window.main.ts(124,17)
[Main]       TS2300: Duplicate identifier 'enableRemoteModule'.
[Main] 
[Main] ERROR in /build/bitwarden/src/jslib-f80e89465ffc004705d2941301c0ffb6bfd71d1a/src/electron/window.main.ts
[Main] [tsl] ERROR in /build/bitwarden/src/jslib-f80e89465ffc004705d2941301c0ffb6bfd71d1a/src/electron/window.main.ts(124,17)
[Main]       TS1117: An object literal cannot have multiple properties with the same name in strict mode.
[Main] 
[Main] ERROR in /build/bitwarden/src/jslib-f80e89465ffc004705d2941301c0ffb6bfd71d1a/src/electron/window.main.ts
[Main] [tsl] ERROR in /build/bitwarden/src/jslib-f80e89465ffc004705d2941301c0ffb6bfd71d1a/src/electron/window.main.ts(124,17)
[Main]       TS2300: Duplicate identifier 'enableRemoteModule'.
[Main] npm ERR! code ELIFECYCLE
npm ERR! errno 2
[Main] npm ERR! [email protected] build:main: `webpack --config webpack.main.js`
[Main] npm ERR! Exit status 2
[Main] npm ERR! 
npm ERR! Failed at the [email protected] build:main script.
[Main] npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
[Main] 
[Main] npm ERR! A complete log of this run can be found in:
[Main] npm ERR!     /build/bitwarden/src/npm_cache/_logs/2021-03-12T15_34_38_876Z-debug.log
[Main] npm run build:main exited with code 2
[Rend] Hash: 1e603c4acffdd16e94cf
[Rend] Version: webpack 4.29.0
[Rend] Time: 59421ms
[Rend] Built at: 03/12/2021 3:35:04 PM
[Rend]  2 assets
[Rend] Entrypoint app/main = app/main.js
[Rend] [0] ./src/app/main.ts 0 bytes {0} [built]
[Rend] 
[Rend] ERROR in jslib/src/electron/window.main.ts:124:17 - error TS1117: An object literal cannot have multiple properties with the same name in strict mode.
[Rend] 
[Rend] 124                 enableRemoteModule: true, // TODO: This needs to be removed prior to Electron 14.
[Rend]                     ~~~~~~~~~~~~~~~~~~
[Rend] jslib/src/electron/window.main.ts:124:17 - error TS2300: Duplicate identifier 'enableRemoteModule'.
[Rend] 
[Rend] 124                 enableRemoteModule: true, // TODO: This needs to be removed prior to Electron 14.
[Rend]                     ~~~~~~~~~~~~~~~~~~
[Rend] 
[Rend] Child html-webpack-plugin for "index.html":
[Rend]      1 asset
[Rend]     Entrypoint undefined = index.html
[Rend]     [0] ./node_modules/html-webpack-plugin/lib/loader.js!./src/index.html 600 bytes {0} [built]
[Rend] npm ERR! code ELIFECYCLE
[Rend] npm ERR! errno 2
[Rend] npm ERR! [email protected] build:renderer: `gulp prebuild:renderer && webpack --config webpack.renderer.js`
[Rend] npm ERR! Exit status 2
[Rend] npm ERR! 
[Rend] npm ERR! Failed at the [email protected] build:renderer script.
[Rend] npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
[Rend] 
[Rend] npm ERR! A complete log of this run can be found in:
[Rend] npm ERR!     /build/bitwarden/src/npm_cache/_logs/2021-03-12T15_35_05_400Z-debug.log
[Rend] npm run build:renderer exited with code 2
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] build: `concurrently -n Main,Rend -c yellow,cyan "npm run build:main" "npm run build:renderer"`
npm ERR! Exit status 1
npm ERR! 
npm ERR! Failed at the [email protected] build script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm ERR! A complete log of this run can be found in:
npm ERR!     /build/bitwarden/src/npm_cache/_logs/2021-03-12T15_35_05_549Z-debug.log
==> ERROR: A failure occurred in build().

Additional Options in Password Generation

It would be great if the passphrase generation had some more options/refinements, namely:

  1. Randomly select a character from a subset as the separator between words
  2. Min/Max Character Sizes for the word character sizes
  3. Add a number after every single word, instead of just one
  4. Randomly capitalize each word instead of just capitalizing all of them or none of them

I have seen this implemented in other password managers and it greatly increases the entropy of the password especially if the attacker already knows that the password was created by Bitwarden.

I would be happy to do the coding work if someone can direct me to the correct places. I know that I would have to change the passwordGeneration.service.ts and the passwordGeneratorPolicyOptions files. Are there other features I would have to change in order to get into the UI?

Add Dashlane CSV Importer

You can already import Dashlane JSON file but not Dashlane CSV file.

I am making this request because I can't export my Dashlane passwords in JSON format. There is a bug in Dashlane that exports both the JSON and CSV options as a CSV file.

Please add a Dashlane CSV import so I can import all my passwords into Bitwarden!

Compiling desktop app fails on nodeUtils

Hi,

I was trying to compile the desktop app in ubuntu and when I try npm run electron everything seems to be fine at first until it trips up on nodeUtils.

Is this a bug or am I configuring something wrong? The desktop readme doesn't provide much detail. Any help?

ubuntu 18.04.4 LTS
node v12.18.2
npm v6.14.5

Thanks

| ./jslib/src/electron/updater.main.ts 6.34 KiB [built]
| ./jslib/src/electron/window.main.ts 10.8 KiB [built]
| ./jslib/src/services/i18n.service.ts 5.9 KiB [built]
| + 4 hidden modules

ERROR in /home/user/git/bitwarden_desktop/jslib/src/misc/nodeUtils.ts
[tsl] ERROR in /home/user/git/bitwarden_desktop/jslib/src/misc/nodeUtils.ts(20,60)
TS2345: Argument of type 'ReadStream' is not assignable to parameter of type 'ReadLineOptions'.
Property 'input' is missing in type 'ReadStream' but required in type 'ReadLineOptions'.

ERROR in /home/user/git/bitwarden_desktop/jslib/src/misc/nodeUtils.ts
[tsl] ERROR in /home/user/git/bitwarden_desktop/jslib/src/misc/nodeUtils.ts(22,30)
TS7006: Parameter 'line' implicitly has an 'any' type.

ERROR in /home/user/git/bitwarden_desktop/jslib/src/misc/nodeUtils.ts
[tsl] ERROR in /home/user/git/bitwarden_desktop/jslib/src/misc/nodeUtils.ts(26,31)
TS7006: Parameter 'err' implicitly has an 'any' type.

Can't import new-style 1Password .1pif file

Hi, I'm trying to import my 1Password data via a .1pif file. I'm getting an error that says "Data is not formatted correctly." Obviously I can't share my .1pif file, but is there any way I can enable debugging so I can see what lines in the .1pif file the parser is choking on?

OnePasswordCsvImporter does not import URIs

I've tried using the web front-end to import a CSV exported from Mac 1Password 7. I've confirmed the exported CSV has URL fields populated but no URIs are populated in BitWarden.

package-lock.json is sometimes out of sync

package-lock.json in some commits, e.g. d1c46e6 specified by https://github.com/bitwarden/desktop/, is out of sync with package.json.

How to test? npm ci

This is quite problematic when building https://github.com/flathub/com.bitwarden.desktop/, where the build process is offline and deps are cached beforehand.

Although https://github.com/bitwarden/jslib/commits/master seems to be good now, it seems that your lockfile update procedure might have some non-standard steps.

Deleted

EDIT:
Accidentally opened issue in wrong repo -- please ignore.

All type 4 "random" GUIDs aren't following RFC 4122

Executing the following, I noticed that the GUIDs are not quite following RFC 4122:

$ bw list items | jq '.[].id' | awk -F '[-"]' '{print $6}' | sort

As you can see, the 6th byte is always one of 0xa[789a]. If the 6th byte is 0xaa, then the 5th byte is either 0x68 or 0x69. Further, if the 6th and 5th bytes are 0xaa69, then the 4th byte is always 0x00. You can see other patterns in the output. It's also consistent when getting folder IDs.

Is this expected, or a bug?

Please do not use hcaptcha for CAPTCHA protection

I'm not precisely sure where to send this (it applies to desktop, mobile, and web, at least), so I thought this would be a good place since it shares common code between all three.

I recently heard that Bitwarden had implemented an hcaptcha-based CAPTCHA solution to prevent bots and spammers from accessing vaults. Though I applaud the goal, the solution -- hcaptcha -- is not the right solution for this job. I understand that Recaptcha is owned by Google, and that therefore all users are subject to tracking of one form or another, however please read this comment in its entirety before dismissing this suggestion on principle.

Hcaptcha -- within the disabled community -- is notorious for its failures to ensure equal accessibility for all. Hcaptcha relies on an "accessibility cookie": you open a particular website, enter your email, verify that email, and then you set a cookie in your browser that tells hcaptcha that the user is disabled and therefore needs to skip the captcha. I've no doubt that everyone reading this has kept up with recent browser developments and therefore will immediately be aware of this strategy's Achilles' heel: browsers that respect the privacy of their users have disabled third-party cookies (and heavily restricted their use). Therefore, any website using Hcaptcha is automatically broken unless this setting is either disabled or you disable it for the website in question (because the domain that you use Hcaptcha on is not the domain that you got the accessibility cookie on). But the Achilles' heel is much worse than that, because Hcaptcha also demands this "accessibility cookie" within Electron apps (and other web apps that are not web browsers and therefore do not support cookies like a browser might). As a result, this ends up locking disabled people out of services if they are required to solve a CAPTCHA without sighted assistance. This is somewhat ameliorated by the fact that this seeming failure does not occur (to my knowledge at least) on phones, but I have only experienced this once on my phone and others may have not had the success that I had. Hcaptcha has repeatedly asserted (despite all evidence to the contrary) that their service is completely accessible, despite the numerous complaints that prove otherwise. They have refused to update or modernize their service, even though they claim that their service allows publishers to be section 508 and WCAG 2.1AA compliant (which is not in fact the case).

If you want a bunch of examples where blind people (as one example) have been locked out of things or been unable to get past Hcaptcha, you need to look no further than these search results.

As a solution, I kindly ask the Bitwarden developers to switch CAPTCHA services to Recaptcha or, if that is implausible or unreasonable, to identify another way of preventing abuse, such as rate limiting or 24-hour lockouts. I understand that this solution is not ideal, and that others (e.g. machine learning) may be better, but at least it won't result in people who are disabled being locked out of their password vaults for an indeterminate amount of time. As I said, I know that Recaptcha probably tracks users, but I'm honestly unsure what would be a better alternative. I would appreciate thoughts about this -- and I hope I'm not upsetting anyone with this comment and that I'm posting it in the right place.

1Password 1pux importer: Cannot read properties of undefined (reading 'passwordHistory')

Hi

Neither the webinterface nor the bitwarden-cli (1.22.1) can import my 1password 1pux file. The webinterface shows nothing, but on the CLI I get:

$ bw --version
1.22.1

$ bw import --session "(stripped)" 1password1pux ./archive.1pux 
mac failed.
? Master password: [hidden]
Cannot read properties of undefined (reading 'passwordHistory')

If I strip all "Item" entries from the export.data file in the 1pux archive, I get:

$ bw import --session "(stripped)" 1password1pux ./archive.1pux 
mac failed.
? Master password: [hidden]
Nothing was imported.

So it seems that parsing of the item-array fails. The working dataset is:

{
  "accounts": [
    {
      "attrs": {
        "accountName": "Test",
        "name": "Test Name",
        "avatar": "something.png",
        "email": "[email protected]",
        "uuid": "4TJHWIKKXHFG64BQ4ZCWAJ5UKI",
        "domain": "https://my.1password.com/"
      },
      "vaults": [
        {
          "attrs": {
            "uuid": "vc2fz65whw64rafhsz54pzxebm",
            "desc": "",
            "avatar": "something.png",
            "name": "Z+D",
            "type": "U"
          },
          "items": [
          ]
        }
      ]
    }
  ]
}

Once I add a single item back into the item-array, the original error occurs. Here is one simple example:

{
  "accounts": [
    {
      "attrs": {
        "accountName": "Test",
        "name": "Test Name",
        "avatar": "something.png",
        "email": "[email protected]",
        "uuid": "4TJHWIKKXHFG64BQ4ZCWAJ5UKI",
        "domain": "https://my.1password.com/"
      },
      "vaults": [
        {
          "attrs": {
            "uuid": "vc2fz65whw64rafhsz54pzxebm",
            "desc": "",
            "avatar": "something.png",
            "name": "Z+D",
            "type": "U"
          },
          "items": [
            {
              "item": {
                "uuid": "mu7egdm4nmjm5odhausf6bqqo4",
                "favIndex": 0,
                "createdAt": 1540000000,
                "updatedAt": 1620000000,
                "trashed": false,
                "categoryUuid": "001",
                "details": {
                  "htmlForm": {
                    "htmlMethod": "LB1"
                  },
                  "loginFields": [
                    {
                      "value": "[email protected]",
                      "id": "login_email;opid=__0",
                      "name": "email",
                      "fieldType": "T",
                      "designation": "username"
                    },
                    {
                      "value": "somePassword",
                      "id": "login_pass;opid=__1",
                      "name": "pass",
                      "fieldType": "P",
                      "designation": "password"
                    }
                  ],
                  "sections": [],
                  "passwordHistory": []
                },
                "overview": {
                  "subtitle": "[email protected]",
                  "urls": [
                    {
                      "label": "Sign-in Page",
                      "url": "https://foo.bar"
                    }
                  ],
                  "title": "Something",
                  "url": "https://foo.bar",
                  "ps": 0,
                  "pbe": 0.0,
                  "pgrng": false
                }
              }
            }
          ]
        }
      ]
    }
  ]
}

I tried digging into src/importers/onepasswordImporters/onepassword1PuxImporter.ts but I cannot seem to see any wrong accesses to passwordHistory, so I am unsure where exactly this originates.

Thanks
David

Utils.getDomain is broken on ipv6 host uris

Bitwarden's domain-based detection scheme unexpectedly doesn't detect matching logins when visiting URIs like http://[2001:db8:0:0:0:0:2:1] or https://[2001:db8::2:1]. I suspect this is because Utils.getDomain returns null instead of [2001:db8::2:1] when calling it on such URIs.
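
An added example, not jslib's Utils.getDomain: a hypothetical matching-key helper built on the WHATWG URL parser, shown beside a label-splitting heuristic (assumed here only for contrast) that returns null for bracketed IPv6 hosts. Function names, and every sample URI other than the two from the report, are constructed.

```javascript
// Added example (not jslib code). URL is the WHATWG parser built into Node and
// browsers; it normalises IPv6 literals, so both spellings from the report
// produce the same hostname string.

// Contrast case (hypothetical): keep the last two DNS labels.
// A bracketed IPv6 literal contains no dots, so this yields null.
function naiveDomain(uri) {
  let host;
  try { host = new URL(uri).hostname; } catch { return null; }
  const labels = host.split(".");
  return labels.length >= 2 ? labels.slice(-2).join(".") : null;
}

const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

// Hypothetical matching key: IP literals are matched as a whole, DNS names by
// their last two labels. Simplification: a real implementation would consult
// the Public Suffix List instead of counting labels.
function matchKey(uri) {
  let host;
  try { host = new URL(uri).hostname; } catch { return null; }
  if (host === "") return null;
  if (host.startsWith("[") && host.endsWith("]")) return host; // IPv6 literal
  if (IPV4.test(host)) return host;                            // IPv4 literal
  const labels = host.split(".");
  return labels.length >= 2 ? labels.slice(-2).join(".") : host;
}

// Saved login URIs whose matching key equals that of the visited page.
function savedLoginsFor(visitedUri, savedUris) {
  const key = matchKey(visitedUri);
  return key === null ? [] : savedUris.filter((u) => matchKey(u) === key);
}

// Constructed vault entries; the first uses the long spelling from the report.
const saved = [
  "http://[2001:db8:0:0:0:0:2:1]",
  "https://vault.example.com",
  "http://[2001:db8::2:2]",
];
console.log(naiveDomain("https://[2001:db8::2:1]"));                   // null
console.log(matchKey("http://[2001:db8:0:0:0:0:2:1]"));                // [2001:db8::2:1]
console.log(savedLoginsFor("https://[2001:db8::2:1]:8443/login", saved));
```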

SHA256 is a terrible choice for a PBKDF in 2019.

https://github.com/bitwarden/jslib/blob/cd46f64993545a1cb772e2f6a2137a675554f3c3/src/enums/kdfType.ts

It looks like the only supported choice for a PBKDF is SHA256. This is possibly the worst choice available for a password-based KDF, as a PBKDF should be relatively slow, and SHA256 is perhaps practically the fastest hash function on earth due to optimizations made for Bitcoin (e.g. cheap ASICs and suchlike). Even iterated, it's way too fast, and only getting faster.

I was evaluating Bitwarden as a potential replacement for Dashlane (Dashlane sucks) but this is a real non-starter for me. Please up your KDF game. It's 2019.

Additional reading:

https://medium.com/@mpreziuso/password-hashing-pbkdf2-scrypt-bcrypt-and-argon2-e25aaf41598e

https://medium.com/@mpreziuso/password-hashing-pbkdf2-scrypt-bcrypt-1ef4bb9c19b3

TL;DR: Use Argon2. https://www.npmjs.com/package/argon2
