summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMariusz Felisiak <felisiak.mariusz@gmail.com>2023-09-15 10:54:10 +0200
committerMariusz Felisiak <felisiak.mariusz@gmail.com>2023-09-18 22:12:40 +0200
commit0e560edf32c001705dd43bdc68099d271c20c312 (patch)
treee091a5b1b8ef128c3721b26db1123e1f29c35a07
parentcaf87b4d4278602812fd3bb8b0d78dfca18db28d (diff)
Increased the default PBKDF2 iterations for Django 5.1.
-rw-r--r--django/contrib/auth/hashers.py2
-rw-r--r--docs/releases/5.1.txt3
-rw-r--r--tests/auth_tests/test_hashers.py8
3 files changed, 7 insertions, 6 deletions
diff --git a/django/contrib/auth/hashers.py b/django/contrib/auth/hashers.py
index 95b6e000bc..e23ae6243e 100644
--- a/django/contrib/auth/hashers.py
+++ b/django/contrib/auth/hashers.py
@@ -312,7 +312,7 @@ class PBKDF2PasswordHasher(BasePasswordHasher):
"""
algorithm = "pbkdf2_sha256"
- iterations = 720000
+ iterations = 870000
digest = hashlib.sha256
def encode(self, password, salt, iterations=None):
diff --git a/docs/releases/5.1.txt b/docs/releases/5.1.txt
index 77cb9fbfc7..37868efde1 100644
--- a/docs/releases/5.1.txt
+++ b/docs/releases/5.1.txt
@@ -42,7 +42,8 @@ Minor features
:mod:`django.contrib.auth`
~~~~~~~~~~~~~~~~~~~~~~~~~~
-* ...
+* The default iteration count for the PBKDF2 password hasher is increased from
+ 720,000 to 870,000.
:mod:`django.contrib.contenttypes`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/tests/auth_tests/test_hashers.py b/tests/auth_tests/test_hashers.py
index 643f60ffc7..e0b640a998 100644
--- a/tests/auth_tests/test_hashers.py
+++ b/tests/auth_tests/test_hashers.py
@@ -83,7 +83,7 @@ class TestUtilsHashPass(SimpleTestCase):
encoded = make_password("lètmein", "seasalt", "pbkdf2_sha256")
self.assertEqual(
encoded,
- "pbkdf2_sha256$720000$seasalt$eDupbcisD1UuIiou3hMuMu8oe/XwnpDw45r6AA5iv0E=",
+ "pbkdf2_sha256$870000$seasalt$wJSpLMQRQz0Dhj/pFpbyjMj71B2gUYp6HJS5AU+32Ac=",
)
self.assertTrue(is_password_usable(encoded))
self.assertTrue(check_password("lètmein", encoded))
@@ -275,8 +275,8 @@ class TestUtilsHashPass(SimpleTestCase):
encoded = hasher.encode("lètmein", "seasalt2")
self.assertEqual(
encoded,
- "pbkdf2_sha256$720000$"
- "seasalt2$e8hbsPnTo9qWhT3xYfKWoRth0h0J3360yb/tipPhPtY=",
+ "pbkdf2_sha256$870000$"
+ "seasalt2$nxgnNHRsZWSmi4hRSKq2MRigfaRmjDhH1NH4g2sQRbU=",
)
self.assertTrue(hasher.verify("lètmein", encoded))
@@ -284,7 +284,7 @@ class TestUtilsHashPass(SimpleTestCase):
hasher = PBKDF2SHA1PasswordHasher()
encoded = hasher.encode("lètmein", "seasalt2")
self.assertEqual(
- encoded, "pbkdf2_sha1$720000$seasalt2$2DDbzziqCtfldrRSNAaF8oA9OMw="
+ encoded, "pbkdf2_sha1$870000$seasalt2$iFPKnrkYfxxyxaeIqxq+c3nJ/j4="
)
self.assertTrue(hasher.verify("lètmein", encoded))