mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-11-02 04:48:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Bump the default iterations for PBKDF2.

Browse source 
The rate at which we've increased this has not been keeping up with hardware (and software) improvements, and we're now considerably behind where we should be. The delta between our performance and an optimized implementation's performance prevents us from improving that further, but hopefully once Python 2.7.8 and 3.4+ get into more hands we can more aggressively increase this number.
This commit is contained in:
Alex Gaynor 2014-07-11 22:43:17 -07:00
parent ebb13bbd88
commit 6732566967
4 changed files with 14 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/internals/howto-release-django.txt
View file

@ -91,7 +91,7 @@ any time leading up to the actual release:
#. If this is a major release, make sure the tests pass, then increase
the default PBKDF2 iterations in
``django.contrib.auth.hashers.PBKDF2PasswordHasher`` by about 10%
``django.contrib.auth.hashers.PBKDF2PasswordHasher`` by about 20%
(pick a round number). Run the tests, and update the 3 failing
hasher tests with the new values. Make sure this gets noted in the
release notes (see release notes on 1.6 for an example).