diff options
| author | Jacob Walls <jacobtylerwalls@gmail.com> | 2025-09-05 14:35:00 -0400 |
|---|---|---|
| committer | nessita <124304+nessita@users.noreply.github.com> | 2025-09-17 15:17:05 -0300 |
| commit | b83204a06e2a4b01f8580b5452058729786ee1d5 (patch) | |
| tree | a1ffc0a469991a9bec65fb58cf0e5702f0b9545c | |
| parent | 0655d958bd7a4be7c47df3469f7cfa9af46e7a35 (diff) | |
Increased the default PBKDF2 iterations for Django 6.1.
| -rw-r--r-- | django/contrib/auth/hashers.py | 2 | ||||
| -rw-r--r-- | docs/releases/6.1.txt | 3 | ||||
| -rw-r--r-- | tests/auth_tests/test_hashers.py | 10 |
3 files changed, 8 insertions, 7 deletions
diff --git a/django/contrib/auth/hashers.py b/django/contrib/auth/hashers.py index 4bb518cb89..35a295cf17 100644 --- a/django/contrib/auth/hashers.py +++ b/django/contrib/auth/hashers.py @@ -324,7 +324,7 @@ class PBKDF2PasswordHasher(BasePasswordHasher): """ algorithm = "pbkdf2_sha256" - iterations = 1_200_000 + iterations = 1_500_000 digest = hashlib.sha256 def encode(self, password, salt, iterations=None): diff --git a/docs/releases/6.1.txt b/docs/releases/6.1.txt index 70da3ade6a..c89eebebc6 100644 --- a/docs/releases/6.1.txt +++ b/docs/releases/6.1.txt @@ -42,7 +42,8 @@ Minor features :mod:`django.contrib.auth` ~~~~~~~~~~~~~~~~~~~~~~~~~~ -* ... +* The default iteration count for the PBKDF2 password hasher is increased from + 1,200,000 to 1,500,000. :mod:`django.contrib.contenttypes` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/tests/auth_tests/test_hashers.py b/tests/auth_tests/test_hashers.py index 910238d2f5..9fb7e3f95d 100644 --- a/tests/auth_tests/test_hashers.py +++ b/tests/auth_tests/test_hashers.py @@ -85,8 +85,8 @@ class TestUtilsHashPass(SimpleTestCase): encoded = make_password("lètmein", "seasalt", "pbkdf2_sha256") self.assertEqual( encoded, - "pbkdf2_sha256$1200000$" - "seasalt$6sTlFi4QohxXLuZigqDIUNX8xG9NxrTmV8+flFQdBqE=", + "pbkdf2_sha256$1500000$" + "seasalt$P4UiMPVduVWIL/oS1GzH+IofsccjJNM5hUTikBvi5to=", ) self.assertTrue(is_password_usable(encoded)) self.assertTrue(check_password("lètmein", encoded)) @@ -279,8 +279,8 @@ class TestUtilsHashPass(SimpleTestCase): encoded = hasher.encode("lètmein", "seasalt2") self.assertEqual( encoded, - "pbkdf2_sha256$1200000$" - "seasalt2$hPlIUc6GqWsws6cZV1K8OuOARm1UrbZ3vLGFoHkH0ZI=", + "pbkdf2_sha256$1500000$" + "seasalt2$xWKIh704updzhxL+vMfPbhVsHljK62FyE988AtcoHU4=", ) self.assertTrue(hasher.verify("lètmein", encoded)) @@ -288,7 +288,7 @@ class TestUtilsHashPass(SimpleTestCase): hasher = PBKDF2SHA1PasswordHasher() encoded = hasher.encode("lètmein", "seasalt2") self.assertEqual( - encoded, "pbkdf2_sha1$1200000$seasalt2$RGU4BAy93u+JDPtuMamdllndh+c=" + encoded, "pbkdf2_sha1$1500000$seasalt2$ep4Ou2hnt2mlvMRsIjUln0Z5MYY=" ) self.assertTrue(hasher.verify("lètmein", encoded)) |
