diff --git a/AUTHORS b/AUTHORS index 1a66ba6477..d9318c618f 100644 --- a/AUTHORS +++ b/AUTHORS @@ -978,6 +978,7 @@ answer newbie questions, and generally made Django that much better: ymasuda@ethercube.com Yoong Kang Lim Yusuke Miyazaki + yyyyyyyan Zac Hatfield-Dodds Zachary Voase Zach Liu diff --git a/docs/topics/auth/passwords.txt b/docs/topics/auth/passwords.txt index 87381ef67b..1d3d1653fa 100644 --- a/docs/topics/auth/passwords.txt +++ b/docs/topics/auth/passwords.txt @@ -172,8 +172,9 @@ iterations needs to be increased. We've chosen a reasonable default (and will increase it with each release of Django), but you may wish to tune it up or down, depending on your security needs and available processing power. To do so, you'll subclass the appropriate algorithm and override the ``iterations`` -parameters. For example, to increase the number of iterations used by the -default PBKDF2 algorithm: +parameter (use the ``rounds`` parameter when subclassing a bcrypt hasher). For +example, to increase the number of iterations used by the default PBKDF2 +algorithm: #. Create a subclass of ``django.contrib.auth.hashers.PBKDF2PasswordHasher``:: @@ -201,6 +202,11 @@ default PBKDF2 algorithm: That's it -- now your Django install will use more iterations when it stores passwords using PBKDF2. +.. note:: + + bcrypt ``rounds`` is a logarithmic work factor, e.g. 12 rounds means + ``2 ** 12`` iterations. + Argon2 ~~~~~~