[SECURITY] default to pbkdf2 with 320,000 iterations

(cherry picked from commit 3ea0b287d7)
(cherry picked from commit db8392a8ac)
(cherry picked from commit bd2a5fa292)
(cherry picked from commit 2436acb3d9)
(cherry picked from commit 62f50e1c52)
(cherry picked from commit dba1892521)
(cherry picked from commit 4b58e3b6d4)
(cherry picked from commit 1247056856)
(cherry picked from commit afbaea7009)
(cherry picked from commit dcd4813d96)
(cherry picked from commit b51dc963d1)
(cherry picked from commit 611e895efd)
(cherry picked from commit fd492a03f5)
(cherry picked from commit 2c99991f44)
(cherry picked from commit 7426c1edb4)
(cherry picked from commit 373244f8b2)
(cherry picked from commit 4f6efecdb9)
(cherry picked from commit 61d500808e)
(cherry picked from commit 65f8384b63)
(cherry picked from commit 12ed28e734)
(cherry picked from commit ec6cdc9e1a)
(cherry picked from commit 08653ba051)
(cherry picked from commit d5847c87cb)
(cherry picked from commit 640a96e19b)
(cherry picked from commit 46177814a9)
(cherry picked from commit b0098f5a80)
(cherry picked from commit ce5ddeeca9)
(cherry picked from commit 5736fa1025)
(cherry picked from commit c43ca210fc)
(cherry picked from commit 7f92906bf3)
(cherry picked from commit f726525d2d)
(cherry picked from commit db86c93b0b)
(cherry picked from commit 6751bd93c3)
This commit is contained in:
Loïc Dachary 2023-02-20 23:25:12 +01:00 committed by Earl Warren
parent e8ebceafc4
commit 9dc354e0bc
No known key found for this signature in database
GPG key ID: 0579CB2928A78A00
3 changed files with 7 additions and 7 deletions

View file

@ -479,8 +479,8 @@ INTERNAL_TOKEN=
;;Classes include "lower,upper,digit,spec" ;;Classes include "lower,upper,digit,spec"
;PASSWORD_COMPLEXITY = off ;PASSWORD_COMPLEXITY = off
;; ;;
;; Password Hash algorithm, either "argon2", "pbkdf2", "scrypt" or "bcrypt" ;; Password Hash algorithm, either "argon2", "pbkdf2"/"pbkdf2_v2", "pbkdf2_hi", "scrypt" or "bcrypt"
;PASSWORD_HASH_ALGO = pbkdf2 ;PASSWORD_HASH_ALGO = pbkdf2_hi
;; ;;
;; Set false to allow JavaScript to read CSRF cookie ;; Set false to allow JavaScript to read CSRF cookie
;CSRF_COOKIE_HTTP_ONLY = true ;CSRF_COOKIE_HTTP_ONLY = true

View file

@ -10,7 +10,7 @@ package hash
// //
// It will be dealiased as per aliasAlgorithmNames whereas // It will be dealiased as per aliasAlgorithmNames whereas
// defaultEmptyHashAlgorithmSpecification does not undergo dealiasing. // defaultEmptyHashAlgorithmSpecification does not undergo dealiasing.
const DefaultHashAlgorithmName = "pbkdf2" const DefaultHashAlgorithmName = "pbkdf2_hi"
var DefaultHashAlgorithm *PasswordHashAlgorithm var DefaultHashAlgorithm *PasswordHashAlgorithm

View file

@ -28,11 +28,11 @@ func TestCheckSettingPasswordHashAlgorithm(t *testing.T) {
}) })
} }
t.Run("pbkdf2_v2 is the default when default password hash algorithm is empty", func(t *testing.T) { t.Run("pbkdf2_hi is the default when default password hash algorithm is empty", func(t *testing.T) {
emptyConfig, emptyAlgo := SetDefaultPasswordHashAlgorithm("") emptyConfig, emptyAlgo := SetDefaultPasswordHashAlgorithm("")
pbkdf2v2Config, pbkdf2v2Algo := SetDefaultPasswordHashAlgorithm("pbkdf2_v2") pbkdf2hiConfig, pbkdf2hiAlgo := SetDefaultPasswordHashAlgorithm("pbkdf2_hi")
assert.Equal(t, pbkdf2v2Config, emptyConfig) assert.Equal(t, pbkdf2hiConfig, emptyConfig)
assert.Equal(t, pbkdf2v2Algo.Specification, emptyAlgo.Specification) assert.Equal(t, pbkdf2hiAlgo.Specification, emptyAlgo.Specification)
}) })
} }