[1.7.x] Increased the default PBKDF2 iterations.
This commit is contained in:
Tim Graham
parent
0a06ae9ef3
commit
4aed731154
|
|
@ -222,12 +222,12 @@ class PBKDF2PasswordHasher(BasePasswordHasher):
|
|||
"""
|
||||
Secure password hashing using the PBKDF2 algorithm (recommended)
|
||||
|
||||
Configured to use PBKDF2 + HMAC + SHA256 with 12000 iterations.
|
||||
Configured to use PBKDF2 + HMAC + SHA256 with 15000 iterations.
|
||||
The result is a 64 byte binary string. Iterations may be changed
|
||||
safely but you must rename the algorithm if you change SHA256.
|
||||
"""
|
||||
algorithm = "pbkdf2_sha256"
|
||||
iterations = 12000
|
||||
iterations = 15000
|
||||
digest = hashlib.sha256
|
||||
|
||||
def encode(self, password, salt, iterations=None):
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@ class TestUtilsHashPass(SimpleTestCase):
|
|||
def test_pkbdf2(self):
|
||||
encoded = make_password('lètmein', 'seasalt', 'pbkdf2_sha256')
|
||||
self.assertEqual(encoded,
|
||||
'pbkdf2_sha256$12000$seasalt$Ybw8zsFxqja97tY/o6G+Fy1ksY4U/Hw3DRrGED6Up4s=')
|
||||
'pbkdf2_sha256$15000$seasalt$+qoFTwR4r71UCLMhmQUCou/LMu17XwQWfYIVd/xJ1RI=')
|
||||
self.assertTrue(is_password_usable(encoded))
|
||||
self.assertTrue(check_password('lètmein', encoded))
|
||||
self.assertFalse(check_password('lètmeinz', encoded))
|
||||
|
|
@ -211,14 +211,14 @@ class TestUtilsHashPass(SimpleTestCase):
|
|||
hasher = PBKDF2PasswordHasher()
|
||||
encoded = hasher.encode('lètmein', 'seasalt2')
|
||||
self.assertEqual(encoded,
|
||||
'pbkdf2_sha256$12000$seasalt2$hlDLKsxgkgb1aeOppkM5atCYw5rPzAjCNQZ4NYyUROw=')
|
||||
'pbkdf2_sha256$15000$seasalt2$uSQqI+91wgObKdP6L6S75LLzyxrZRWNcaujEZPA3/nA=')
|
||||
self.assertTrue(hasher.verify('lètmein', encoded))
|
||||
|
||||
def test_low_level_pbkdf2_sha1(self):
|
||||
hasher = PBKDF2SHA1PasswordHasher()
|
||||
encoded = hasher.encode('lètmein', 'seasalt2')
|
||||
self.assertEqual(encoded,
|
||||
'pbkdf2_sha1$12000$seasalt2$JeMRVfjjgtWw3/HzlnlfqBnQ6CA=')
|
||||
'pbkdf2_sha1$15000$seasalt2$iYDXAPKgMsKMsarvA1MErD518Ug=')
|
||||
self.assertTrue(hasher.verify('lètmein', encoded))
|
||||
|
||||
def test_upgrade(self):
|
||||
|
|
|
|||
|
|
@ -11,4 +11,9 @@ Django 1.7.3 fixes several bugs in 1.7.2.
|
|||
Bugfixes
|
||||
========
|
||||
|
||||
* ...
|
||||
* The default iteration count for the PBKDF2 password hasher has been
|
||||
increased by 25%. This part of the normal major release process was
|
||||
inadvertently omitted in 1.7. This backwards compatible change will not
|
||||
affect users who have subclassed
|
||||
``django.contrib.auth.hashers.PBKDF2PasswordHasher`` to change the
|
||||
default value.
|
||||
|
|
|
|||
Loading…
Reference in New Issue