github/plexpy
1
0
Fork 0
mirror of https://github.com/Tautulli/Tautulli.git synced 2025-07-05 20:51:15 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Increase PBKDF2 iterations to 600,000

Browse source 
OWASP Cheat Sheet recommends 600,000 iterations.

https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2
This commit is contained in:
JonnyWong16 2024-02-19 17:31:28 -08:00
parent c172965ec8
commit 040972bcba
No known key found for this signature in database
GPG key ID: B1F1F9807184697A
1 changed files with 1 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
lib/hashing_passwords.py
View file

@ -16,7 +16,6 @@
""" """
import hashlib
from os import urandom from os import urandom
from base64 import b64encode, b64decode from base64 import b64encode, b64decode
from hashlib import pbkdf2_hmac from hashlib import pbkdf2_hmac
@ -30,7 +29,7 @@ HASH_FUNCTION = 'sha256' # Must be in hashlib.
# Linear to the hashing time. Adjust to be high but take a reasonable # Linear to the hashing time. Adjust to be high but take a reasonable
# amount of time on your server. Measure with: # amount of time on your server. Measure with:
# python -m timeit -s 'import passwords as p' 'p.make_hash("something")' # python -m timeit -s 'import passwords as p' 'p.make_hash("something")'
COST_FACTOR = 10000 COST_FACTOR = 600000
def make_hash(password): def make_hash(password):