mirror of
				https://github.com/django/django.git
				synced 2025-10-26 07:06:08 +00:00 
			
		
		
		
	[1.6.x] Increased default PBKDF2 iterations
Increases the default PBKDF2 iterations, since computers have gotten
faster since 2011. In the future, we plan to increment by 10% per
major version.
Backport of a075e2ad0d from master
			
			
This commit is contained in:
		
				
					committed by
					
						 Tim Graham
						Tim Graham
					
				
			
			
				
	
			
			
			
						parent
						
							9888bb28ee
						
					
				
				
					commit
					85ba68cc14
				
			| @@ -88,6 +88,13 @@ any time leading up to the actual release: | ||||
|    emails at *FIXME WHERE?*. This email should be signed by the key you'll use | ||||
|    for the release, and should include patches for each issue being fixed. | ||||
|  | ||||
| #. If this is a major release, make sure the tests pass, then increase | ||||
|    the default PBKDF2 iterations in | ||||
|    ``django.contrib.auth.hashers.PBKDF2PasswordHasher`` by about 10% | ||||
|    (pick a round number). Run the tests, and update the 3 failing | ||||
|    hasher tests with the new values. Make sure this gets noted in the | ||||
|    release notes (see release notes on 1.6 for an example). | ||||
|  | ||||
| #. As the release approaches, watch Trac to make sure no release blockers | ||||
|    are left for the upcoming release. | ||||
|  | ||||
|   | ||||
| @@ -365,6 +365,13 @@ Minor features | ||||
|   a list (except on SQLite). This has long been possible (but not officially | ||||
|   supported) on MySQL and PostgreSQL, and is now also available on Oracle. | ||||
|  | ||||
| * The default iteration count for the PBKDF2 password hasher has been | ||||
|   increased by 20%. This backwards compatible change will not affect | ||||
|   existing passwords or users who have subclassed | ||||
|   `django.contrib.auth.hashers.PBKDF2PasswordHasher`` to change the | ||||
|   default value. | ||||
|  | ||||
|  | ||||
| Backwards incompatible changes in 1.6 | ||||
| ===================================== | ||||
|  | ||||
|   | ||||
		Reference in New Issue
	
	Block a user