summaryrefslogtreecommitdiff
path: root/docs/internals
diff options
context:
space:
mode:
authorPaul McMillan <paul.mcmillan@nebula.com>2013-09-19 17:39:43 +0100
committerPaul McMillan <paul.mcmillan@nebula.com>2013-09-19 18:02:25 +0100
commita075e2ad0dcce65cb5cf4cb654ac8a6839db0baf (patch)
tree5116a0aade0ddaa229de4b99e84a49f73202b37c /docs/internals
parent59a34c43a8c3d62eaa400d48a9c26ed5400fc647 (diff)
Increase default PBKDF2 iterations
Increases the default PBKDF2 iterations, since computers have gotten faster since 2011. In the future, we plan to increment by 10% per major version.
Diffstat (limited to 'docs/internals')
-rw-r--r--docs/internals/howto-release-django.txt7
1 files changed, 7 insertions, 0 deletions
diff --git a/docs/internals/howto-release-django.txt b/docs/internals/howto-release-django.txt
index a926de27ab..03b543bd5e 100644
--- a/docs/internals/howto-release-django.txt
+++ b/docs/internals/howto-release-django.txt
@@ -89,6 +89,13 @@ any time leading up to the actual release:
key you'll use for the release, and should include patches for each issue
being fixed.
+#. If this is a major release, make sure the tests pass, then increase
+ the default PBKDF2 iterations in
+ ``django.contrib.auth.hashers.PBKDF2PasswordHasher`` by about 10%
+ (pick a round number). Run the tests, and update the 3 failing
+ hasher tests with the new values. Make sure this gets noted in the
+ release notes (see release notes on 1.6 for an example).
+
#. As the release approaches, watch Trac to make sure no release blockers
are left for the upcoming release.