[SECURITY] default to pbkdf2 with 320,000 iterations
(cherry picked from commit3ea0b287d7
) (cherry picked from commitdb8392a8ac
) (cherry picked from commitbd2a5fa292
)
This commit is contained in:
parent
4f3970e6c4
commit
235a91c4ae
|
@ -476,8 +476,8 @@ INTERNAL_TOKEN=
|
|||
;;Classes include "lower,upper,digit,spec"
|
||||
;PASSWORD_COMPLEXITY = off
|
||||
;;
|
||||
;; Password Hash algorithm, either "argon2", "pbkdf2", "scrypt" or "bcrypt"
|
||||
;PASSWORD_HASH_ALGO = pbkdf2
|
||||
;; Password Hash algorithm, either "argon2", "pbkdf2"/"pbkdf2_v2", "pbkdf2_hi", "scrypt" or "bcrypt"
|
||||
;PASSWORD_HASH_ALGO = pbkdf2_hi
|
||||
;;
|
||||
;; Set false to allow JavaScript to read CSRF cookie
|
||||
;CSRF_COOKIE_HTTP_ONLY = true
|
||||
|
|
|
@ -10,7 +10,7 @@ package hash
|
|||
//
|
||||
// It will be dealiased as per aliasAlgorithmNames whereas
|
||||
// defaultEmptyHashAlgorithmSpecification does not undergo dealiasing.
|
||||
const DefaultHashAlgorithmName = "pbkdf2"
|
||||
const DefaultHashAlgorithmName = "pbkdf2_hi"
|
||||
|
||||
var DefaultHashAlgorithm *PasswordHashAlgorithm
|
||||
|
||||
|
|
|
@ -28,11 +28,11 @@ func TestCheckSettingPasswordHashAlgorithm(t *testing.T) {
|
|||
})
|
||||
}
|
||||
|
||||
t.Run("pbkdf2_v2 is the default when default password hash algorithm is empty", func(t *testing.T) {
|
||||
t.Run("pbkdf2_hi is the default when default password hash algorithm is empty", func(t *testing.T) {
|
||||
emptyConfig, emptyAlgo := SetDefaultPasswordHashAlgorithm("")
|
||||
pbkdf2v2Config, pbkdf2v2Algo := SetDefaultPasswordHashAlgorithm("pbkdf2_v2")
|
||||
pbkdf2hiConfig, pbkdf2hiAlgo := SetDefaultPasswordHashAlgorithm("pbkdf2_hi")
|
||||
|
||||
assert.Equal(t, pbkdf2v2Config, emptyConfig)
|
||||
assert.Equal(t, pbkdf2v2Algo.Specification, emptyAlgo.Specification)
|
||||
assert.Equal(t, pbkdf2hiConfig, emptyConfig)
|
||||
assert.Equal(t, pbkdf2hiAlgo.Specification, emptyAlgo.Specification)
|
||||
})
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue