Mercurial Repository: p/roundup/code: roundup/configuration.py comparison

comparison roundup/configuration.py @ 8239:6bd11a73f2ed

issue2551253. default hash is PBKDF2-SHA512. The default password hashing algorithm has been upgraded to PBKDF2-SHA512 from PBKDF2-SHA1. The default pbkdf2 rounds in the config file has been changed to 250000. Doc updated.

author	John Rouillard <rouilj@ieee.org>
date	Mon, 30 Dec 2024 02:57:46 -0500
parents	5a2b9435a04d
children	b99e76e76496

comparison

equal deleted inserted replaced

-:05405220dc38
+:6bd11a73f2ed
 "reader has a limit on the size of individual fields\n"
 "starting with python 2.5. Set this to a higher value if you\n"
 "get the error 'Error: field larger than field limit' during\n"
 "import."),
 (IntegerNumberGeqZeroOption, 'password_pbkdf2_default_rounds',
-'2000000',
+'250000',
 "Sets the default number of rounds used when encoding passwords\n"
-"using the PBKDF2 scheme. Set this to a higher value on faster\n"
+"using any PBKDF2 scheme. Set this to a higher value on faster\n"
-"systems which want more security.\n"
+"systems which want more security. Use a minimum of 250000\n"
+"for PBKDF2-SHA512 which is the default hash in Roundup 2.5.\n"
 "PBKDF2 (Password-Based Key Derivation Function) is a\n"
 "password hashing mechanism that derives hash from the\n"
 "password and a random salt. For authentication this process\n"
 "is repeated with the same salt as in the stored hash.\n"
 "If both hashes match, the authentication succeeds.\n"

Mercurial > p > roundup > code

comparison roundup/configuration.py @ 8239:6bd11a73f2ed