Mercurial > p > roundup > code
comparison roundup/configuration.py @ 7161:be7849588372
issue2551252 - increase PBKFD2 default rounds to 2,000,000.
Current
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2
for SHA1 recommends 1,300,000 so 2,000,000.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Thu, 23 Feb 2023 19:17:42 -0500 |
| parents | 89a59e46b3af |
| children | e3f3f859256c |
comparison
equal
deleted
inserted
replaced
| 7160:ed63b6d35838 | 7161:be7849588372 |
|---|---|
| 1083 "format is a csv (comma separated values) variant. The csv\n" | 1083 "format is a csv (comma separated values) variant. The csv\n" |
| 1084 "reader has a limit on the size of individual fields\n" | 1084 "reader has a limit on the size of individual fields\n" |
| 1085 "starting with python 2.5. Set this to a higher value if you\n" | 1085 "starting with python 2.5. Set this to a higher value if you\n" |
| 1086 "get the error 'Error: field larger than field limit' during\n" | 1086 "get the error 'Error: field larger than field limit' during\n" |
| 1087 "import."), | 1087 "import."), |
| 1088 (IntegerNumberGeqZeroOption, 'password_pbkdf2_default_rounds', '10000', | 1088 (IntegerNumberGeqZeroOption, 'password_pbkdf2_default_rounds', |
| 1089 '2000000', | |
| 1089 "Sets the default number of rounds used when encoding passwords\n" | 1090 "Sets the default number of rounds used when encoding passwords\n" |
| 1090 "using the PBKDF2 scheme. Set this to a higher value on faster\n" | 1091 "using the PBKDF2 scheme. Set this to a higher value on faster\n" |
| 1091 "systems which want more security.\n" | 1092 "systems which want more security.\n" |
| 1092 "PBKDF2 (Password-Based Key Derivation Function) is a\n" | 1093 "PBKDF2 (Password-Based Key Derivation Function) is a\n" |
| 1093 "password hashing mechanism that derives hash from the\n" | 1094 "password hashing mechanism that derives hash from the\n" |