diff options
| author | yyyyyyyan <contact@yyyyyyyan.tech> | 2021-03-31 21:43:09 -0300 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2021-05-20 20:24:51 +0200 |
| commit | e197dcca366cf0b7203123e4ba7f8962e1d69e72 (patch) | |
| tree | 8d330916336d10825e5d17a2e68468ecce545c3c /docs | |
| parent | 66491f08fe86629fa25977bb3dddda06959f65e7 (diff) | |
Clarified docs about increasing the work factor for bcrypt hasher.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/topics/auth/passwords.txt | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/docs/topics/auth/passwords.txt b/docs/topics/auth/passwords.txt index 87381ef67b..1d3d1653fa 100644 --- a/docs/topics/auth/passwords.txt +++ b/docs/topics/auth/passwords.txt @@ -172,8 +172,9 @@ iterations needs to be increased. We've chosen a reasonable default (and will increase it with each release of Django), but you may wish to tune it up or down, depending on your security needs and available processing power. To do so, you'll subclass the appropriate algorithm and override the ``iterations`` -parameters. For example, to increase the number of iterations used by the -default PBKDF2 algorithm: +parameter (use the ``rounds`` parameter when subclassing a bcrypt hasher). For +example, to increase the number of iterations used by the default PBKDF2 +algorithm: #. Create a subclass of ``django.contrib.auth.hashers.PBKDF2PasswordHasher``:: @@ -201,6 +202,11 @@ default PBKDF2 algorithm: That's it -- now your Django install will use more iterations when it stores passwords using PBKDF2. +.. note:: + + bcrypt ``rounds`` is a logarithmic work factor, e.g. 12 rounds means + ``2 ** 12`` iterations. + Argon2 ~~~~~~ |
