summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authoryyyyyyyan <contact@yyyyyyyan.tech>2021-03-31 21:43:09 -0300
committerMariusz Felisiak <felisiak.mariusz@gmail.com>2021-05-20 20:24:51 +0200
commite197dcca366cf0b7203123e4ba7f8962e1d69e72 (patch)
tree8d330916336d10825e5d17a2e68468ecce545c3c /docs
parent66491f08fe86629fa25977bb3dddda06959f65e7 (diff)
Clarified docs about increasing the work factor for bcrypt hasher.
Diffstat (limited to 'docs')
-rw-r--r--docs/topics/auth/passwords.txt10
1 files changed, 8 insertions, 2 deletions
diff --git a/docs/topics/auth/passwords.txt b/docs/topics/auth/passwords.txt
index 87381ef67b..1d3d1653fa 100644
--- a/docs/topics/auth/passwords.txt
+++ b/docs/topics/auth/passwords.txt
@@ -172,8 +172,9 @@ iterations needs to be increased. We've chosen a reasonable default (and will
increase it with each release of Django), but you may wish to tune it up or
down, depending on your security needs and available processing power. To do so,
you'll subclass the appropriate algorithm and override the ``iterations``
-parameters. For example, to increase the number of iterations used by the
-default PBKDF2 algorithm:
+parameter (use the ``rounds`` parameter when subclassing a bcrypt hasher). For
+example, to increase the number of iterations used by the default PBKDF2
+algorithm:
#. Create a subclass of ``django.contrib.auth.hashers.PBKDF2PasswordHasher``::
@@ -201,6 +202,11 @@ default PBKDF2 algorithm:
That's it -- now your Django install will use more iterations when it
stores passwords using PBKDF2.
+.. note::
+
+ bcrypt ``rounds`` is a logarithmic work factor, e.g. 12 rounds means
+ ``2 ** 12`` iterations.
+
Argon2
~~~~~~