mirror of
https://github.com/discourse/discourse.git
synced 2024-11-25 09:42:07 +08:00
FEATURE: Increase pbkdf2 iterations to 600k (#20981)
Existing passwords will continue to work. Hashes will be regenerated on a user's next login.
This commit is contained in:
parent
352bd35bf6
commit
ba5b035f6e
|
@ -144,7 +144,7 @@ module Discourse
|
||||||
config.active_record.use_schema_cache_dump = false
|
config.active_record.use_schema_cache_dump = false
|
||||||
|
|
||||||
# per https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
|
# per https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
|
||||||
config.pbkdf2_iterations = 64_000
|
config.pbkdf2_iterations = 600_000
|
||||||
config.pbkdf2_algorithm = "sha256"
|
config.pbkdf2_algorithm = "sha256"
|
||||||
|
|
||||||
# rack lock is nothing but trouble, get rid of it
|
# rack lock is nothing but trouble, get rid of it
|
||||||
|
|
|
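Review bot: the `# per https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet` comment above `config.pbkdf2_iterations = 600_000` points at the legacy OWASP wiki URL, which now only redirects; update it to the current Password Storage Cheat Sheet in the OWASP Cheat Sheet Series and record in the comment that 600,000 is its recommended minimum for PBKDF2-HMAC-SHA256, so the next person bumping the number can see what the figure was based on. Nothing in this hunk shows how hashes produced under the old `64_000` setting are told apart from new ones; the commit message promises existing passwords keep working and are rehashed on next login, so confirm that the iteration count is stored alongside each hash (or versioned) and that verification of pre-existing hashes uses 64_000 rather than the new global value, otherwise every existing user is locked out.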
@ -14,10 +14,7 @@ For a list of recent security commits, check [our GitHub commits prefixed with S
|
||||||
|
|
||||||
Discourse uses the PBKDF2 algorithm to encrypt salted passwords. This algorithm is blessed by NIST. Security experts on the web [tend to agree that PBKDF2 is a secure choice](https://security.stackexchange.com/questions/4781/do-any-security-experts-recommend-bcrypt-for-password-storage).
|
Discourse uses the PBKDF2 algorithm to encrypt salted passwords. This algorithm is blessed by NIST. Security experts on the web [tend to agree that PBKDF2 is a secure choice](https://security.stackexchange.com/questions/4781/do-any-security-experts-recommend-bcrypt-for-password-storage).
|
||||||
|
|
||||||
**options you can customize in your production.rb file**
|
Discourse currently uses PBKDF2 with the sha256 hashing algorithm and 600,000 iterations.
|
||||||
|
|
||||||
- `pbkdf2_algorithm`: the hashing algorithm used (default "sha256")
|
|
||||||
- `pbkdf2_iterations`: the number of iterations to run (default 64000)
|
|
||||||
|
|
||||||
### XSS
|
### XSS
|
||||||
|
|
||||||
|
|
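Review bot: the unchanged sentence "Discourse uses the PBKDF2 algorithm to encrypt salted passwords" uses the wrong term; PBKDF2 derives a hash from the password and salt and nothing is encrypted or decryptable, so while this paragraph is being edited, change "encrypt" to "hash". The removed bullets for `pbkdf2_algorithm` and `pbkdf2_iterations` were the only place the overridable production.rb settings were documented, and `config.pbkdf2_iterations` still exists in the first hunk; if operators may still set them, keep a one-line mention that the values are configurable and that lowering the iteration count weakens the stored hashes, rather than dropping the options from the docs entirely.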