1
0
mirror of https://github.com/django/django.git synced 2024-12-22 09:05:43 +00:00

Clarified docs about increasing the work factor for bcrypt hasher.

This commit is contained in:
yyyyyyyan 2021-03-31 21:43:09 -03:00 committed by Mariusz Felisiak
parent 66491f08fe
commit e197dcca36
2 changed files with 9 additions and 2 deletions

View File

@ -978,6 +978,7 @@ answer newbie questions, and generally made Django that much better:
ymasuda@ethercube.com
Yoong Kang Lim <yoongkang.lim@gmail.com>
Yusuke Miyazaki <miyazaki.dev@gmail.com>
yyyyyyyan <contact@yyyyyyyan.tech>
Zac Hatfield-Dodds <zac.hatfield.dodds@gmail.com>
Zachary Voase <zacharyvoase@gmail.com>
Zach Liu <zachliu@gmail.com>

View File

@ -172,8 +172,9 @@ iterations needs to be increased. We've chosen a reasonable default (and will
increase it with each release of Django), but you may wish to tune it up or
down, depending on your security needs and available processing power. To do so,
you'll subclass the appropriate algorithm and override the ``iterations``
parameters. For example, to increase the number of iterations used by the
default PBKDF2 algorithm:
parameter (use the ``rounds`` parameter when subclassing a bcrypt hasher). For
example, to increase the number of iterations used by the default PBKDF2
algorithm:
#. Create a subclass of ``django.contrib.auth.hashers.PBKDF2PasswordHasher``::
@ -201,6 +202,11 @@ default PBKDF2 algorithm:
That's it -- now your Django install will use more iterations when it
stores passwords using PBKDF2.
.. note::
bcrypt ``rounds`` is a logarithmic work factor, e.g. 12 rounds means
``2 ** 12`` iterations.
Argon2
~~~~~~