diff options
| author | Carlton Gibson <carlton.gibson@noumenal.es> | 2019-09-12 11:46:37 +0200 |
|---|---|---|
| committer | Carlton Gibson <carlton@noumenal.es> | 2019-09-12 17:24:01 +0200 |
| commit | b5db65c4fbcf05cb03d039166abf115930dc7577 (patch) | |
| tree | 7fe98509219c23c9dbe9f14ad5a9aa0caa782db6 | |
| parent | 4b63d45d5437c71cc7958e4848eed03391de9f41 (diff) | |
Increased the default PBKDF2 iterations for Django 3.1.
| -rw-r--r-- | django/contrib/auth/hashers.py | 2 | ||||
| -rw-r--r-- | docs/releases/3.1.txt | 3 | ||||
| -rw-r--r-- | tests/auth_tests/test_hashers.py | 6 |
3 files changed, 6 insertions, 5 deletions
diff --git a/django/contrib/auth/hashers.py b/django/contrib/auth/hashers.py index 34caa4eba9..dac1ceacf6 100644 --- a/django/contrib/auth/hashers.py +++ b/django/contrib/auth/hashers.py @@ -235,7 +235,7 @@ class PBKDF2PasswordHasher(BasePasswordHasher): safely but you must rename the algorithm if you change SHA256. """ algorithm = "pbkdf2_sha256" - iterations = 180000 + iterations = 216000 digest = hashlib.sha256 def encode(self, password, salt, iterations=None): diff --git a/docs/releases/3.1.txt b/docs/releases/3.1.txt index 9b16bae9ca..cafd8dbdb0 100644 --- a/docs/releases/3.1.txt +++ b/docs/releases/3.1.txt @@ -43,7 +43,8 @@ Minor features :mod:`django.contrib.auth` ~~~~~~~~~~~~~~~~~~~~~~~~~~ -* ... +* The default iteration count for the PBKDF2 password hasher is increased from + 180,000 to 216,000. :mod:`django.contrib.contenttypes` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/tests/auth_tests/test_hashers.py b/tests/auth_tests/test_hashers.py index ad62101d8c..5efc179f59 100644 --- a/tests/auth_tests/test_hashers.py +++ b/tests/auth_tests/test_hashers.py @@ -52,7 +52,7 @@ class TestUtilsHashPass(SimpleTestCase): def test_pbkdf2(self): encoded = make_password('lètmein', 'seasalt', 'pbkdf2_sha256') - self.assertEqual(encoded, 'pbkdf2_sha256$180000$seasalt$gH56uAM9k5UGHuCzAYqLtJQ7AFgnXEZ4LMzt71ldHoc=') + self.assertEqual(encoded, 'pbkdf2_sha256$216000$seasalt$youGZxOw6ZOcfrXv2i8/AhrnpZflJJ9EshS9XmUJTUg=') self.assertTrue(is_password_usable(encoded)) self.assertTrue(check_password('lètmein', encoded)) self.assertFalse(check_password('lètmeinz', encoded)) @@ -285,13 +285,13 @@ class TestUtilsHashPass(SimpleTestCase): def test_low_level_pbkdf2(self): hasher = PBKDF2PasswordHasher() encoded = hasher.encode('lètmein', 'seasalt2') - self.assertEqual(encoded, 'pbkdf2_sha256$180000$seasalt2$42TW7RGTT6FJUY+hv/VNLy7/3F0KbOcvoKmvB6TAnGU=') + self.assertEqual(encoded, 'pbkdf2_sha256$216000$seasalt2$gHyszNJ9lwTG5y3MQUjZe+OJmYVTBPl/y7bYq9dtk8M=') self.assertTrue(hasher.verify('lètmein', encoded)) def test_low_level_pbkdf2_sha1(self): hasher = PBKDF2SHA1PasswordHasher() encoded = hasher.encode('lètmein', 'seasalt2') - self.assertEqual(encoded, 'pbkdf2_sha1$180000$seasalt2$y3RFPd5ZY+yJ8pv4soGPYtg2tZo=') + self.assertEqual(encoded, 'pbkdf2_sha1$216000$seasalt2$E1KH89wMKuPXrrQzifVcG4cBtiA=') self.assertTrue(hasher.verify('lètmein', encoded)) @override_settings( |
