mirror of
1
Fork 0

[SECURITY] default to pbkdf2 with 320,000 iterations

(cherry picked from commit 3ea0b287d7)
This commit is contained in:
Loïc Dachary 2023-02-20 23:25:12 +01:00 committed by Earl Warren
parent 1574643a6a
commit db8392a8ac
No known key found for this signature in database
GPG Key ID: 0579CB2928A78A00
3 changed files with 7 additions and 7 deletions

View File

@ -476,8 +476,8 @@ INTERNAL_TOKEN=
;;Classes include "lower,upper,digit,spec" ;;Classes include "lower,upper,digit,spec"
;PASSWORD_COMPLEXITY = off ;PASSWORD_COMPLEXITY = off
;; ;;
;; Password Hash algorithm, either "argon2", "pbkdf2", "scrypt" or "bcrypt" ;; Password Hash algorithm, either "argon2", "pbkdf2"/"pbkdf2_v2", "pbkdf2_hi", "scrypt" or "bcrypt"
;PASSWORD_HASH_ALGO = pbkdf2 ;PASSWORD_HASH_ALGO = pbkdf2_hi
;; ;;
;; Set false to allow JavaScript to read CSRF cookie ;; Set false to allow JavaScript to read CSRF cookie
;CSRF_COOKIE_HTTP_ONLY = true ;CSRF_COOKIE_HTTP_ONLY = true

View File

@ -10,7 +10,7 @@ package hash
// //
// It will be dealiased as per aliasAlgorithmNames whereas // It will be dealiased as per aliasAlgorithmNames whereas
// defaultEmptyHashAlgorithmSpecification does not undergo dealiasing. // defaultEmptyHashAlgorithmSpecification does not undergo dealiasing.
const DefaultHashAlgorithmName = "pbkdf2" const DefaultHashAlgorithmName = "pbkdf2_hi"
var DefaultHashAlgorithm *PasswordHashAlgorithm var DefaultHashAlgorithm *PasswordHashAlgorithm

View File

@ -28,11 +28,11 @@ func TestCheckSettingPasswordHashAlgorithm(t *testing.T) {
}) })
} }
t.Run("pbkdf2_v2 is the default when default password hash algorithm is empty", func(t *testing.T) { t.Run("pbkdf2_hi is the default when default password hash algorithm is empty", func(t *testing.T) {
emptyConfig, emptyAlgo := SetDefaultPasswordHashAlgorithm("") emptyConfig, emptyAlgo := SetDefaultPasswordHashAlgorithm("")
pbkdf2v2Config, pbkdf2v2Algo := SetDefaultPasswordHashAlgorithm("pbkdf2_v2") pbkdf2hiConfig, pbkdf2hiAlgo := SetDefaultPasswordHashAlgorithm("pbkdf2_hi")
assert.Equal(t, pbkdf2v2Config, emptyConfig) assert.Equal(t, pbkdf2hiConfig, emptyConfig)
assert.Equal(t, pbkdf2v2Algo.Specification, emptyAlgo.Specification) assert.Equal(t, pbkdf2hiAlgo.Specification, emptyAlgo.Specification)
}) })
} }