mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-01-18 06:12:23 +00:00
Code Issues 32 Releases Wiki Activity

Increased the default PBKDF2 iterations for Django 6.0.

Browse Source
This commit is contained in:
Sarah Boyce 2024-12-13 10:30:54 +01:00
parent 7bc88c3c15
commit 37373d9ae9
3 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
django/contrib/auth/hashers.py
View File

@ -318,7 +318,7 @@ class PBKDF2PasswordHasher(BasePasswordHasher):
""" """
algorithm = "pbkdf2_sha256" algorithm = "pbkdf2_sha256"
iterations = 1_000_000 iterations = 1_200_000
digest = hashlib.sha256 digest = hashlib.sha256
def encode(self, password, salt, iterations=None): def encode(self, password, salt, iterations=None):

3
docs/releases/6.0.txt
View File

@ -51,7 +51,8 @@ Minor features
:mod:`django.contrib.auth` :mod:`django.contrib.auth`
~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~
* ... * The default iteration count for the PBKDF2 password hasher is increased from
1,000,000 to 1,200,000.
:mod:`django.contrib.contenttypes` :mod:`django.contrib.contenttypes`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

10
tests/auth_tests/test_hashers.py
View File

@ -84,8 +84,8 @@ class TestUtilsHashPass(SimpleTestCase):
encoded = make_password("lètmein", "seasalt", "pbkdf2_sha256") encoded = make_password("lètmein", "seasalt", "pbkdf2_sha256")
self.assertEqual( self.assertEqual(
encoded, encoded,
"pbkdf2_sha256$1000000$" "pbkdf2_sha256$1200000$"
"seasalt$r1uLUxoxpP2Ued/qxvmje7UH9PUJBkRrvf9gGPL7Cps=", "seasalt$6sTlFi4QohxXLuZigqDIUNX8xG9NxrTmV8+flFQdBqE=",
) )
self.assertTrue(is_password_usable(encoded)) self.assertTrue(is_password_usable(encoded))
self.assertTrue(check_password("lètmein", encoded)) self.assertTrue(check_password("lètmein", encoded))
@ -278,8 +278,8 @@ class TestUtilsHashPass(SimpleTestCase):
encoded = hasher.encode("lètmein", "seasalt2") encoded = hasher.encode("lètmein", "seasalt2")
self.assertEqual( self.assertEqual(
encoded, encoded,
"pbkdf2_sha256$1000000$" "pbkdf2_sha256$1200000$"
"seasalt2$egbhFghgsJVDo5Tpg/k9ZnfbySKQ1UQnBYXhR97a7sk=", "seasalt2$hPlIUc6GqWsws6cZV1K8OuOARm1UrbZ3vLGFoHkH0ZI=",
) )
self.assertTrue(hasher.verify("lètmein", encoded)) self.assertTrue(hasher.verify("lètmein", encoded))
@ -287,7 +287,7 @@ class TestUtilsHashPass(SimpleTestCase):
hasher = PBKDF2SHA1PasswordHasher() hasher = PBKDF2SHA1PasswordHasher()
encoded = hasher.encode("lètmein", "seasalt2") encoded = hasher.encode("lètmein", "seasalt2")
self.assertEqual( self.assertEqual(
encoded, "pbkdf2_sha1$1000000$seasalt2$3R9hvSAiAy5ARspAFy5GJ/2rjXo=" encoded, "pbkdf2_sha1$1200000$seasalt2$RGU4BAy93u+JDPtuMamdllndh+c="
) )
self.assertTrue(hasher.verify("lètmein", encoded)) self.assertTrue(hasher.verify("lètmein", encoded))