diff roundup/configuration.py @ 7161:be7849588372

issue2551252 - increase PBKDF2 default rounds to 2,000,000. Current https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2 for SHA1 recommends 1,300,000 so 2,000,000.
author John Rouillard <rouilj@ieee.org>
date Thu, 23 Feb 2023 19:17:42 -0500
parents 89a59e46b3af
children e3f3f859256c
--- a/roundup/configuration.py	Thu Feb 23 17:20:41 2023 -0500
+++ b/roundup/configuration.py	Thu Feb 23 19:17:42 2023 -0500
@@ -1085,7 +1085,8 @@
             "starting with python 2.5. Set this to a higher value if you\n"
             "get the error 'Error: field larger than field limit' during\n"
             "import."),
-        (IntegerNumberGeqZeroOption, 'password_pbkdf2_default_rounds', '10000',
+        (IntegerNumberGeqZeroOption, 'password_pbkdf2_default_rounds',
+         '2000000',
             "Sets the default number of rounds used when encoding passwords\n"
             "using the PBKDF2 scheme. Set this to a higher value on faster\n"
             "systems which want more security.\n"
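Review bot: The help text in the context lines right after the new default still only says "Set this to a higher value on faster systems which want more security", which no longer matches a default that is 200 times larger than the old '10000'. It should state the cost side as well: each password encode now runs 2,000,000 PBKDF2 rounds, so operators on slow hardware need to know this is the setting to tune and what the recommended floor is (the commit message cites the OWASP figure of 1,300,000 for SHA1; that reference belongs in the option's description or a comment beside '2000000', not only in the commit log). Separately, the option is declared as IntegerNumberGeqZeroOption, which by its name accepts 0; consider a type or validation with a sensible minimum so a typo or a zero cannot silently produce a trivially weak round count.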

Roundup Issue Tracker: http://roundup-tracker.org/