	Increased the default PBKDF2 iterations for Django 4.0.
		| @@ -265,7 +265,7 @@ class PBKDF2PasswordHasher(BasePasswordHasher): | |||||||
|     safely but you must rename the algorithm if you change SHA256. |     safely but you must rename the algorithm if you change SHA256. | ||||||
|     """ |     """ | ||||||
|     algorithm = "pbkdf2_sha256" |     algorithm = "pbkdf2_sha256" | ||||||
|     iterations = 260000 |     iterations = 320000 | ||||||
|     digest = hashlib.sha256 |     digest = hashlib.sha256 | ||||||
|  |  | ||||||
|     def encode(self, password, salt, iterations=None): |     def encode(self, password, salt, iterations=None): | ||||||
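Review bot: The new default `iterations = 320000` carries no comment saying how the value is chosen or what happens to hashes already stored at 260000. The encoded strings in the tests embed the count (`pbkdf2_sha256$320000$...`), so older hashes presumably still verify at their stored cost, but whether they are re-hashed at the new cost on next login is not visible in this hunk. I would add a comment above the attribute, for example `# Default work factor for new hashes; the count is stored in each encoded hash, so raising it does not invalidate existing ones.` The class body starts before the hunk and continues past it.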
|   | |||||||
| @@ -42,7 +42,8 @@ Minor features | |||||||
| :mod:`django.contrib.auth` | :mod:`django.contrib.auth` | ||||||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~ | ~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||||||
|  |  | ||||||
| * ... | * The default iteration count for the PBKDF2 password hasher is increased from | ||||||
|  |   260,000 to 320,000. | ||||||
|  |  | ||||||
| :mod:`django.contrib.contenttypes` | :mod:`django.contrib.contenttypes` | ||||||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||||||
|   | |||||||
| @@ -63,7 +63,7 @@ class TestUtilsHashPass(SimpleTestCase): | |||||||
|  |  | ||||||
|     def test_pbkdf2(self): |     def test_pbkdf2(self): | ||||||
|         encoded = make_password('lètmein', 'seasalt', 'pbkdf2_sha256') |         encoded = make_password('lètmein', 'seasalt', 'pbkdf2_sha256') | ||||||
|         self.assertEqual(encoded, 'pbkdf2_sha256$260000$seasalt$YlZ2Vggtqdc61YjArZuoApoBh9JNGYoDRBUGu6tcJQo=') |         self.assertEqual(encoded, 'pbkdf2_sha256$320000$seasalt$Toj2II2rBvFiGQcPmUml1Nlni2UtvyRWwz/jz4q6q/4=') | ||||||
|         self.assertTrue(is_password_usable(encoded)) |         self.assertTrue(is_password_usable(encoded)) | ||||||
|         self.assertTrue(check_password('lètmein', encoded)) |         self.assertTrue(check_password('lètmein', encoded)) | ||||||
|         self.assertFalse(check_password('lètmeinz', encoded)) |         self.assertFalse(check_password('lètmeinz', encoded)) | ||||||
| @@ -314,13 +314,13 @@ class TestUtilsHashPass(SimpleTestCase): | |||||||
|     def test_low_level_pbkdf2(self): |     def test_low_level_pbkdf2(self): | ||||||
|         hasher = PBKDF2PasswordHasher() |         hasher = PBKDF2PasswordHasher() | ||||||
|         encoded = hasher.encode('lètmein', 'seasalt2') |         encoded = hasher.encode('lètmein', 'seasalt2') | ||||||
|         self.assertEqual(encoded, 'pbkdf2_sha256$260000$seasalt2$UCGMhrOoaq1ghQPArIBK5RkI6IZLRxlIwHWA1dMy7y8=') |         self.assertEqual(encoded, 'pbkdf2_sha256$320000$seasalt2$BRr4pYNIQDsLFP+u4dzjs7pFuWJEin4lFMMoO9wBYvo=') | ||||||
|         self.assertTrue(hasher.verify('lètmein', encoded)) |         self.assertTrue(hasher.verify('lètmein', encoded)) | ||||||
|  |  | ||||||
|     def test_low_level_pbkdf2_sha1(self): |     def test_low_level_pbkdf2_sha1(self): | ||||||
|         hasher = PBKDF2SHA1PasswordHasher() |         hasher = PBKDF2SHA1PasswordHasher() | ||||||
|         encoded = hasher.encode('lètmein', 'seasalt2') |         encoded = hasher.encode('lètmein', 'seasalt2') | ||||||
|         self.assertEqual(encoded, 'pbkdf2_sha1$260000$seasalt2$wAibXvW6jgvatCdONi6SMJ6q7mI=') |         self.assertEqual(encoded, 'pbkdf2_sha1$320000$seasalt2$sDOkTvzV93jPWTRVxFGh50Jefo0=') | ||||||
|         self.assertTrue(hasher.verify('lètmein', encoded)) |         self.assertTrue(hasher.verify('lètmein', encoded)) | ||||||
|  |  | ||||||
|     @skipUnless(bcrypt, 'bcrypt not installed') |     @skipUnless(bcrypt, 'bcrypt not installed') | ||||||
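Review bot: In `test_low_level_pbkdf2_sha1` the expected value moves to `pbkdf2_sha1$320000$...` although the only hasher change visible on this page is in `PBKDF2PasswordHasher`, so the SHA1 hasher presumably inherits the count. A one-line comment in the test, such as `# PBKDF2SHA1PasswordHasher shares the default iteration count of PBKDF2PasswordHasher`, would explain why this literal has to be regenerated together with the SHA256 ones. The visible hunks also pin only the new default; if the file does not already cover it, an assertion that a hash encoded with the previous count still passes `check_password` would guard the upgrade path.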
|   | |||||||