mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-09-24 23:49:12 +00:00
Code Issues 32 Releases Wiki Activity

Increased the default PBKDF2 iterations for Django 6.1.

Browse Source
This commit is contained in:
Jacob Walls 2025-09-05 14:35:00 -04:00 committed by nessita
parent 0655d958bd
commit b83204a06e
3 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
django/contrib/auth/hashers.py
View File

@ -324,7 +324,7 @@ class PBKDF2PasswordHasher(BasePasswordHasher):
""" """
algorithm = "pbkdf2_sha256" algorithm = "pbkdf2_sha256"
iterations = 1_200_000 iterations = 1_500_000
digest = hashlib.sha256 digest = hashlib.sha256
def encode(self, password, salt, iterations=None): def encode(self, password, salt, iterations=None):

3
docs/releases/6.1.txt
View File

@ -42,7 +42,8 @@ Minor features
:mod:`django.contrib.auth` :mod:`django.contrib.auth`
~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~
* ... * The default iteration count for the PBKDF2 password hasher is increased from
1,200,000 to 1,500,000.
:mod:`django.contrib.contenttypes` :mod:`django.contrib.contenttypes`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

10
tests/auth_tests/test_hashers.py
View File

@ -85,8 +85,8 @@ class TestUtilsHashPass(SimpleTestCase):
encoded = make_password("lètmein", "seasalt", "pbkdf2_sha256") encoded = make_password("lètmein", "seasalt", "pbkdf2_sha256")
self.assertEqual( self.assertEqual(
encoded, encoded,
"pbkdf2_sha256$1200000$" "pbkdf2_sha256$1500000$"
"seasalt$6sTlFi4QohxXLuZigqDIUNX8xG9NxrTmV8+flFQdBqE=", "seasalt$P4UiMPVduVWIL/oS1GzH+IofsccjJNM5hUTikBvi5to=",
) )
self.assertTrue(is_password_usable(encoded)) self.assertTrue(is_password_usable(encoded))
self.assertTrue(check_password("lètmein", encoded)) self.assertTrue(check_password("lètmein", encoded))
@ -279,8 +279,8 @@ class TestUtilsHashPass(SimpleTestCase):
encoded = hasher.encode("lètmein", "seasalt2") encoded = hasher.encode("lètmein", "seasalt2")
self.assertEqual( self.assertEqual(
encoded, encoded,
"pbkdf2_sha256$1200000$" "pbkdf2_sha256$1500000$"
"seasalt2$hPlIUc6GqWsws6cZV1K8OuOARm1UrbZ3vLGFoHkH0ZI=", "seasalt2$xWKIh704updzhxL+vMfPbhVsHljK62FyE988AtcoHU4=",
) )
self.assertTrue(hasher.verify("lètmein", encoded)) self.assertTrue(hasher.verify("lètmein", encoded))
@ -288,7 +288,7 @@ class TestUtilsHashPass(SimpleTestCase):
hasher = PBKDF2SHA1PasswordHasher() hasher = PBKDF2SHA1PasswordHasher()
encoded = hasher.encode("lètmein", "seasalt2") encoded = hasher.encode("lètmein", "seasalt2")
self.assertEqual( self.assertEqual(
encoded, "pbkdf2_sha1$1200000$seasalt2$RGU4BAy93u+JDPtuMamdllndh+c=" encoded, "pbkdf2_sha1$1500000$seasalt2$ep4Ou2hnt2mlvMRsIjUln0Z5MYY="
) )
self.assertTrue(hasher.verify("lètmein", encoded)) self.assertTrue(hasher.verify("lètmein", encoded))