From 040972bcbab905d17f011a515b00bd86f145f63d Mon Sep 17 00:00:00 2001
From: JonnyWong16 <9099342+JonnyWong16@users.noreply.github.com>
Date: Mon, 19 Feb 2024 17:31:28 -0800
Subject: [PATCH] Increase PBKDF2 iterations to 600,000
OWASP Cheat Sheet recommends 600,000 iterations.
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2
---
 lib/hashing_passwords.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lib/hashing_passwords.py b/lib/hashing_passwords.py
index 4540db75..beea1e85 100644
--- a/lib/hashing_passwords.py
+++ b/lib/hashing_passwords.py
@@ -16,7 +16,6 @@
 """
-import hashlib
 from os import urandom
 from base64 import b64encode, b64decode
 from hashlib import pbkdf2_hmac
@@ -30,7 +29,7 @@ HASH_FUNCTION = 'sha256' # Must be in hashlib.
 # Linear to the hashing time. Adjust to be high but take a reasonable
 # amount of time on your server. Measure with:
 # python -m timeit -s 'import passwords as p' 'p.make_hash("something")'
-COST_FACTOR = 10000
+COST_FACTOR = 600000
 def make_hash(password):
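Review bot: The measurement hint kept two lines above the new `COST_FACTOR` value (`# python -m timeit -s 'import passwords as p' 'p.make_hash("something")'`) names a module `passwords` while the file is `lib/hashing_passwords.py`, so the command this constant is meant to be tuned against does not run as written; change it to `'import hashing_passwords as p'` and record why 600000 was chosen, e.g. `# 600000: OWASP Password Storage Cheat Sheet (Feb 2024) recommendation for PBKDF2-HMAC-SHA256`. Whether hashes stored under the old value of 10000 still verify depends on `check_hash` reading the iteration count back from the stored string rather than from `COST_FACTOR`; that function is outside this hunk, so confirm it and consider re-hashing on successful login so old entries migrate to the new cost. Each verification now costs roughly sixty times the CPU of the old setting, which is worth stating next to the constant so whoever tunes login rate limiting sees it. The first hunk also drops `import hashlib`; presumably nothing else in the file uses the qualified name, which the part of the file not shown here should confirm.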