From a075e2ad0dcce65cb5cf4cb654ac8a6839db0baf Mon Sep 17 00:00:00 2001 From: Paul McMillan Date: Thu, 19 Sep 2013 17:39:43 +0100 Subject: Increase default PBKDF2 iterations Increases the default PBKDF2 iterations, since computers have gotten faster since 2011. In the future, we plan to increment by 10% per major version. --- django/utils/crypto.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'django/utils') diff --git a/django/utils/crypto.py b/django/utils/crypto.py index 3c15b8b35b..3331424cb7 100644 --- a/django/utils/crypto.py +++ b/django/utils/crypto.py @@ -139,11 +139,12 @@ def pbkdf2(password, salt, iterations, dklen=0, digest=None): HMAC+SHA256 is used as the default pseudo random function. - Right now 10,000 iterations is the recommended default which takes - 100ms on a 2.2Ghz Core 2 Duo. This is probably the bare minimum - for security given 1000 iterations was recommended in 2001. This - code is very well optimized for CPython and is only four times - slower than openssl's implementation. + As of 2011, 10,000 iterations was the recommended default which + took 100ms on a 2.2Ghz Core 2 Duo. This is probably the bare + minimum for security given 1000 iterations was recommended in + 2001. This code is very well optimized for CPython and is only + four times slower than openssl's implementation. Look in + django.contrib.auth.hashers for the present default. """ assert iterations > 0 if not digest: -- cgit v1.3