티스토리 수익 글 보기

티스토리 수익 글 보기

Increased the default PBKDF2 iterations for Django 5.1. · django/django@7288866 · GitHub
Skip to content

Commit 7288866

Browse files
felixxmfelixxm
committed
Increased the default PBKDF2 iterations for Django 5.1.
1 parent 35394cb commit 7288866

File tree

3 files changed

+7
6
lines changed

3 files changed

+7
6
lines changed

django/contrib/auth/hashers.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -312,7 +312,7 @@ class PBKDF2PasswordHasher(BasePasswordHasher):
312312
"""
313313

314314
algorithm = "pbkdf2_sha256"
315-
iterations = 720000
315+
iterations = 870000
316316
digest = hashlib.sha256
317317

318318
def encode(self, password, salt, iterations=None):

docs/releases/5.1.txt

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,8 @@ Minor features
4242
:mod:`django.contrib.auth`
4343
~~~~~~~~~~~~~~~~~~~~~~~~~~
4444

45-
* ...
45+
* The default iteration count for the PBKDF2 password hasher is increased from
46+
720,000 to 870,000.
4647

4748
:mod:`django.contrib.contenttypes`
4849
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

tests/auth_tests/test_hashers.py

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -83,7 +83,7 @@ def test_pbkdf2(self):
8383
encoded = make_password("lètmein", "seasalt", "pbkdf2_sha256")
8484
self.assertEqual(
8585
encoded,
86-
"pbkdf2_sha256$720000$seasalt$eDupbcisD1UuIiou3hMuMu8oe/XwnpDw45r6AA5iv0E=",
86+
"pbkdf2_sha256$870000$seasalt$wJSpLMQRQz0Dhj/pFpbyjMj71B2gUYp6HJS5AU+32Ac=",
8787
)
8888
self.assertTrue(is_password_usable(encoded))
8989
self.assertTrue(check_password("lètmein", encoded))
@@ -275,16 +275,16 @@ def test_low_level_pbkdf2(self):
275275
encoded = hasher.encode("lètmein", "seasalt2")
276276
self.assertEqual(
277277
encoded,
278-
"pbkdf2_sha256$720000$"
279-
"seasalt2$e8hbsPnTo9qWhT3xYfKWoRth0h0J3360yb/tipPhPtY=",
278+
"pbkdf2_sha256$870000$"
279+
"seasalt2$nxgnNHRsZWSmi4hRSKq2MRigfaRmjDhH1NH4g2sQRbU=",
280280
)
281281
self.assertTrue(hasher.verify("lètmein", encoded))
282282

283283
def test_low_level_pbkdf2_sha1(self):
284284
hasher = PBKDF2SHA1PasswordHasher()
285285
encoded = hasher.encode("lètmein", "seasalt2")
286286
self.assertEqual(
287-
encoded, "pbkdf2_sha1$720000$seasalt2$2DDbzziqCtfldrRSNAaF8oA9OMw="
287+
encoded, "pbkdf2_sha1$870000$seasalt2$iFPKnrkYfxxyxaeIqxq+c3nJ/j4="
288288
)
289289
self.assertTrue(hasher.verify("lètmein", encoded))
290290

0 commit comments

Comments
 (0)