mirror of
https://github.com/django/django.git
synced 2025-10-31 09:41:08 +00:00
[1.7.x] Increased the default PBKDF2 iterations.
This commit is contained in:
Tim Graham
@@ -222,12 +222,12 @@ class PBKDF2PasswordHasher(BasePasswordHasher):
|
|||||||
"""
|
"""
|
||||||
Secure password hashing using the PBKDF2 algorithm (recommended)
|
Secure password hashing using the PBKDF2 algorithm (recommended)
|
||||||
|
|
||||||
Configured to use PBKDF2 + HMAC + SHA256 with 12000 iterations.
|
Configured to use PBKDF2 + HMAC + SHA256 with 15000 iterations.
|
||||||
The result is a 64 byte binary string. Iterations may be changed
|
The result is a 64 byte binary string. Iterations may be changed
|
||||||
safely but you must rename the algorithm if you change SHA256.
|
safely but you must rename the algorithm if you change SHA256.
|
||||||
"""
|
"""
|
||||||
algorithm = "pbkdf2_sha256"
|
algorithm = "pbkdf2_sha256"
|
||||||
iterations = 12000
|
iterations = 15000
|
||||||
digest = hashlib.sha256
|
digest = hashlib.sha256
|
||||||
|
|
||||||
def encode(self, password, salt, iterations=None):
|
def encode(self, password, salt, iterations=None):
|
||||||
|
|||||||
@@ -47,7 +47,7 @@ class TestUtilsHashPass(SimpleTestCase):
|
|||||||
def test_pkbdf2(self):
|
def test_pkbdf2(self):
|
||||||
encoded = make_password('lètmein', 'seasalt', 'pbkdf2_sha256')
|
encoded = make_password('lètmein', 'seasalt', 'pbkdf2_sha256')
|
||||||
self.assertEqual(encoded,
|
self.assertEqual(encoded,
|
||||||
'pbkdf2_sha256$12000$seasalt$Ybw8zsFxqja97tY/o6G+Fy1ksY4U/Hw3DRrGED6Up4s=')
|
'pbkdf2_sha256$15000$seasalt$+qoFTwR4r71UCLMhmQUCou/LMu17XwQWfYIVd/xJ1RI=')
|
||||||
self.assertTrue(is_password_usable(encoded))
|
self.assertTrue(is_password_usable(encoded))
|
||||||
self.assertTrue(check_password('lètmein', encoded))
|
self.assertTrue(check_password('lètmein', encoded))
|
||||||
self.assertFalse(check_password('lètmeinz', encoded))
|
self.assertFalse(check_password('lètmeinz', encoded))
|
||||||
@@ -211,14 +211,14 @@ class TestUtilsHashPass(SimpleTestCase):
|
|||||||
hasher = PBKDF2PasswordHasher()
|
hasher = PBKDF2PasswordHasher()
|
||||||
encoded = hasher.encode('lètmein', 'seasalt2')
|
encoded = hasher.encode('lètmein', 'seasalt2')
|
||||||
self.assertEqual(encoded,
|
self.assertEqual(encoded,
|
||||||
'pbkdf2_sha256$12000$seasalt2$hlDLKsxgkgb1aeOppkM5atCYw5rPzAjCNQZ4NYyUROw=')
|
'pbkdf2_sha256$15000$seasalt2$uSQqI+91wgObKdP6L6S75LLzyxrZRWNcaujEZPA3/nA=')
|
||||||
self.assertTrue(hasher.verify('lètmein', encoded))
|
self.assertTrue(hasher.verify('lètmein', encoded))
|
||||||
|
|
||||||
def test_low_level_pbkdf2_sha1(self):
|
def test_low_level_pbkdf2_sha1(self):
|
||||||
hasher = PBKDF2SHA1PasswordHasher()
|
hasher = PBKDF2SHA1PasswordHasher()
|
||||||
encoded = hasher.encode('lètmein', 'seasalt2')
|
encoded = hasher.encode('lètmein', 'seasalt2')
|
||||||
self.assertEqual(encoded,
|
self.assertEqual(encoded,
|
||||||
'pbkdf2_sha1$12000$seasalt2$JeMRVfjjgtWw3/HzlnlfqBnQ6CA=')
|
'pbkdf2_sha1$15000$seasalt2$iYDXAPKgMsKMsarvA1MErD518Ug=')
|
||||||
self.assertTrue(hasher.verify('lètmein', encoded))
|
self.assertTrue(hasher.verify('lètmein', encoded))
|
||||||
|
|
||||||
def test_upgrade(self):
|
def test_upgrade(self):
|
||||||
|
|||||||
@@ -11,4 +11,9 @@ Django 1.7.3 fixes several bugs in 1.7.2.
|
|||||||
Bugfixes
|
Bugfixes
|
||||||
========
|
========
|
||||||
|
|
||||||
* ...
|
* The default iteration count for the PBKDF2 password hasher has been
|
||||||
|
increased by 25%. This part of the normal major release process was
|
||||||
|
inadvertently omitted in 1.7. This backwards compatible change will not
|
||||||
|
affect users who have subclassed
|
||||||
|
``django.contrib.auth.hashers.PBKDF2PasswordHasher`` to change the
|
||||||
|
default value.
|
||||||
|
|||||||
Reference in New Issue
Block a user