summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCarlton Gibson <carlton.gibson@noumenal.es>2022-05-10 15:26:17 +0200
committerCarlton Gibson <carlton@noumenal.es>2022-05-17 14:22:06 +0200
commit3c6f1fd1f8096b22a52c682a9d295c4396ee3035 (patch)
treee9b2d7e8d855de9741e3908175d7393a6d610d15
parentcdb2f7f36c1e9460e77f1c116e49ca156b312756 (diff)
Increased the default PBKDF2 iterations for Django 4.2.
-rw-r--r--django/contrib/auth/hashers.py2
-rw-r--r--docs/releases/4.2.txt3
-rw-r--r--tests/auth_tests/test_hashers.py8
3 files changed, 7 insertions, 6 deletions
diff --git a/django/contrib/auth/hashers.py b/django/contrib/auth/hashers.py
index 42159531dc..10c9079200 100644
--- a/django/contrib/auth/hashers.py
+++ b/django/contrib/auth/hashers.py
@@ -296,7 +296,7 @@ class PBKDF2PasswordHasher(BasePasswordHasher):
"""
algorithm = "pbkdf2_sha256"
- iterations = 390000
+ iterations = 480000
digest = hashlib.sha256
def encode(self, password, salt, iterations=None):
diff --git a/docs/releases/4.2.txt b/docs/releases/4.2.txt
index 5a23e285fa..0b698360fb 100644
--- a/docs/releases/4.2.txt
+++ b/docs/releases/4.2.txt
@@ -42,7 +42,8 @@ Minor features
:mod:`django.contrib.auth`
~~~~~~~~~~~~~~~~~~~~~~~~~~
-* ...
+* The default iteration count for the PBKDF2 password hasher is increased from
+ 390,000 to 480,000.
:mod:`django.contrib.contenttypes`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/tests/auth_tests/test_hashers.py b/tests/auth_tests/test_hashers.py
index 2faf2499b0..d0965fb6c1 100644
--- a/tests/auth_tests/test_hashers.py
+++ b/tests/auth_tests/test_hashers.py
@@ -77,7 +77,7 @@ class TestUtilsHashPass(SimpleTestCase):
encoded = make_password("lètmein", "seasalt", "pbkdf2_sha256")
self.assertEqual(
encoded,
- "pbkdf2_sha256$390000$seasalt$8xBlGd3jVgvJ+92hWPxi5ww0uuAuAnKgC45eudxro7c=",
+ "pbkdf2_sha256$480000$seasalt$G4ja8YRtfnNyEx4Ii2pbFMp/l8s4nnbMdJ+Fob/qNK8=",
)
self.assertTrue(is_password_usable(encoded))
self.assertTrue(check_password("lètmein", encoded))
@@ -404,8 +404,8 @@ class TestUtilsHashPass(SimpleTestCase):
encoded = hasher.encode("lètmein", "seasalt2")
self.assertEqual(
encoded,
- "pbkdf2_sha256$390000$seasalt2$geC/uZ92nRXDSjSxeoiBqYyRcrLzMm8xK3r"
- "o1QS1uo8=",
+ "pbkdf2_sha256$480000$seasalt2$WlORJKPl5w3Lubr7rYLOwSQCEOm4Or/NCA"
+ "aECnB1PE0=",
)
self.assertTrue(hasher.verify("lètmein", encoded))
@@ -413,7 +413,7 @@ class TestUtilsHashPass(SimpleTestCase):
hasher = PBKDF2SHA1PasswordHasher()
encoded = hasher.encode("lètmein", "seasalt2")
self.assertEqual(
- encoded, "pbkdf2_sha1$390000$seasalt2$aDapRanzW8aHTz97v2TcfHzWD+I="
+ encoded, "pbkdf2_sha1$480000$seasalt2$qyT+EkK5g82hk2r+fRecFeoe28E="
)
self.assertTrue(hasher.verify("lètmein", encoded))