	Increased the default PBKDF2 iterations for Django 3.2.
		| @@ -241,7 +241,7 @@ class PBKDF2PasswordHasher(BasePasswordHasher): | |||||||
|     safely but you must rename the algorithm if you change SHA256. |     safely but you must rename the algorithm if you change SHA256. | ||||||
|     """ |     """ | ||||||
|     algorithm = "pbkdf2_sha256" |     algorithm = "pbkdf2_sha256" | ||||||
|     iterations = 216000 |     iterations = 260000 | ||||||
|     digest = hashlib.sha256 |     digest = hashlib.sha256 | ||||||
|  |  | ||||||
|     def encode(self, password, salt, iterations=None): |     def encode(self, password, salt, iterations=None): | ||||||
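Review bot: The `iterations = 260000` literal in `PBKDF2PasswordHasher` has no comment saying how the value was chosen or what raising it means for hashes that are already stored. The test vectors in this commit show the count embedded in the encoded string (`pbkdf2_sha256$260000$...`), so hashes written at 216000 should still verify, but nothing visible here says when they get re-hashed at the new cost. I would add a comment above the attribute such as `# Work factor, raised per release; each stored hash records its own count, so older hashes keep verifying.` The `pbkdf2_sha1` vector also moves to 260000 although only this class is touched, so that hasher presumably inherits the value; the comment should mention it if that is confirmed. The class body starts and ends outside the hunk.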
|   | |||||||
| @@ -47,7 +47,8 @@ Minor features | |||||||
| :mod:`django.contrib.auth` | :mod:`django.contrib.auth` | ||||||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~ | ~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||||||
|  |  | ||||||
| * ... | * The default iteration count for the PBKDF2 password hasher is increased from | ||||||
|  |   216,000 to 260,000. | ||||||
|  |  | ||||||
| :mod:`django.contrib.contenttypes` | :mod:`django.contrib.contenttypes` | ||||||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||||||
|   | |||||||
| @@ -63,7 +63,7 @@ class TestUtilsHashPass(SimpleTestCase): | |||||||
|  |  | ||||||
|     def test_pbkdf2(self): |     def test_pbkdf2(self): | ||||||
|         encoded = make_password('lètmein', 'seasalt', 'pbkdf2_sha256') |         encoded = make_password('lètmein', 'seasalt', 'pbkdf2_sha256') | ||||||
|         self.assertEqual(encoded, 'pbkdf2_sha256$216000$seasalt$youGZxOw6ZOcfrXv2i8/AhrnpZflJJ9EshS9XmUJTUg=') |         self.assertEqual(encoded, 'pbkdf2_sha256$260000$seasalt$YlZ2Vggtqdc61YjArZuoApoBh9JNGYoDRBUGu6tcJQo=') | ||||||
|         self.assertTrue(is_password_usable(encoded)) |         self.assertTrue(is_password_usable(encoded)) | ||||||
|         self.assertTrue(check_password('lètmein', encoded)) |         self.assertTrue(check_password('lètmein', encoded)) | ||||||
|         self.assertFalse(check_password('lètmeinz', encoded)) |         self.assertFalse(check_password('lètmeinz', encoded)) | ||||||
| @@ -296,13 +296,13 @@ class TestUtilsHashPass(SimpleTestCase): | |||||||
|     def test_low_level_pbkdf2(self): |     def test_low_level_pbkdf2(self): | ||||||
|         hasher = PBKDF2PasswordHasher() |         hasher = PBKDF2PasswordHasher() | ||||||
|         encoded = hasher.encode('lètmein', 'seasalt2') |         encoded = hasher.encode('lètmein', 'seasalt2') | ||||||
|         self.assertEqual(encoded, 'pbkdf2_sha256$216000$seasalt2$gHyszNJ9lwTG5y3MQUjZe+OJmYVTBPl/y7bYq9dtk8M=') |         self.assertEqual(encoded, 'pbkdf2_sha256$260000$seasalt2$UCGMhrOoaq1ghQPArIBK5RkI6IZLRxlIwHWA1dMy7y8=') | ||||||
|         self.assertTrue(hasher.verify('lètmein', encoded)) |         self.assertTrue(hasher.verify('lètmein', encoded)) | ||||||
|  |  | ||||||
|     def test_low_level_pbkdf2_sha1(self): |     def test_low_level_pbkdf2_sha1(self): | ||||||
|         hasher = PBKDF2SHA1PasswordHasher() |         hasher = PBKDF2SHA1PasswordHasher() | ||||||
|         encoded = hasher.encode('lètmein', 'seasalt2') |         encoded = hasher.encode('lètmein', 'seasalt2') | ||||||
|         self.assertEqual(encoded, 'pbkdf2_sha1$216000$seasalt2$E1KH89wMKuPXrrQzifVcG4cBtiA=') |         self.assertEqual(encoded, 'pbkdf2_sha1$260000$seasalt2$wAibXvW6jgvatCdONi6SMJ6q7mI=') | ||||||
|         self.assertTrue(hasher.verify('lètmein', encoded)) |         self.assertTrue(hasher.verify('lètmein', encoded)) | ||||||
|  |  | ||||||
|     @override_settings( |     @override_settings( | ||||||
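Review bot: Both test hunks replace every 216000 vector with a 260000 one, so nothing visible here still asserts that a hash encoded at the previous count passes `check_password`. Keeping one legacy literal in `test_pbkdf2`, for example `self.assertTrue(check_password('lètmein', 'pbkdf2_sha256$216000$seasalt$youGZxOw6ZOcfrXv2i8/AhrnpZflJJ9EshS9XmUJTUg='))`, would pin backward compatibility for existing user rows across the bump. An upgrade test may already cover this elsewhere in the file, in which case the extra assertion is unnecessary. The test class starts and ends outside these hunks.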
|   | |||||||