Happy to see the effort! Fresh blood in the authn space is always welcomed.
Without rehashing the other good points commenters have made already, I’ll just say that every project starts out immature. What makes a project great is how willing the maintainers will be to grow along with the project and incorporate feedback. I’m excited to see future evolutions of this one.
I think it's more of a logic problem. I suspect the engineers made a false assumption that bcrypt can hash a trivial amount of data like some other hashing algos.
Yes but PIV/CAC identity is not related to break-glass passwords. They both serve different purposes and it's safe to assume that the typical government worker will only ever need to use their smart card to authenticate into systems.
Both situations seem possible. I guess time will tell how Unity wants to move forward.
Others mentioned it earlier but it looks like Godot had a big boost in users from this fiasco. Perhaps Unity is concerned about real financial damages done to their bottom line because of all this? I’d expect them to try a lot of stuff and see what sticks to make sure they don’t miss their targets this year.
Well, the transition in leadership is uncommon but they don’t officially give us a reason, so we’re left to speculate until someone inside gives us more info.
But from a purely speculative standpoint, it seems very possible that they were ousted because of the pricing debacle. I could see a world where the stakeholders aren’t thrilled with the damage the pricing changes did to their brand and took action.
Without rehashing the other good points commenters have made already, I’ll just say that every project starts out immature. What makes a project great is how willing the maintainers will be to grow along with the project and incorporate feedback. I’m excited to see future evolutions of this one.