forks/forgejo
1
0
Fork 0
Code Releases Activity

[SECURITY] default to pbkdf2 with 320,000 iterations

Browse source 
(cherry picked from commit 3ea0b287d7)
(cherry picked from commit db8392a8ac)
(cherry picked from commit bd2a5fa292)
(cherry picked from commit 2436acb3d9)
(cherry picked from commit 62f50e1c52)
(cherry picked from commit dba1892521)
(cherry picked from commit 4b58e3b6d4)
(cherry picked from commit 1247056856)
(cherry picked from commit afbaea7009)
(cherry picked from commit dcd4813d96)
This commit is contained in:
Loïc Dachary 2023-02-20 23:25:12 +01:00 committed by Earl Warren
parent 18e6287963
commit b51dc963d1
No known key found for this signature in database
GPG key ID: 0579CB2928A78A00
3 changed files with 7 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

4
custom/conf/app.example.ini
View file

@ -476,8 +476,8 @@ INTERNAL_TOKEN=
;;Classes include "lower,upper,digit,spec"
;PASSWORD_COMPLEXITY = off
;;
;; Password Hash algorithm, either "argon2", "pbkdf2", "scrypt" or "bcrypt"
;PASSWORD_HASH_ALGO = pbkdf2
;; Password Hash algorithm, either "argon2", "pbkdf2"/"pbkdf2_v2", "pbkdf2_hi", "scrypt" or "bcrypt"
;PASSWORD_HASH_ALGO = pbkdf2_hi
;;
;; Set false to allow JavaScript to read CSRF cookie
;CSRF_COOKIE_HTTP_ONLY = true

2
modules/auth/password/hash/setting.go
View file

@ -10,7 +10,7 @@ package hash
//
// It will be dealiased as per aliasAlgorithmNames whereas
// defaultEmptyHashAlgorithmSpecification does not undergo dealiasing.
const DefaultHashAlgorithmName = "pbkdf2"
const DefaultHashAlgorithmName = "pbkdf2_hi"
var DefaultHashAlgorithm *PasswordHashAlgorithm

8
modules/auth/password/hash/setting_test.go
View file

@ -28,11 +28,11 @@ func TestCheckSettingPasswordHashAlgorithm(t *testing.T) {
})
}
t.Run("pbkdf2_v2 is the default when default password hash algorithm is empty", func(t *testing.T) {
t.Run("pbkdf2_hi is the default when default password hash algorithm is empty", func(t *testing.T) {
emptyConfig, emptyAlgo := SetDefaultPasswordHashAlgorithm("")
pbkdf2v2Config, pbkdf2v2Algo := SetDefaultPasswordHashAlgorithm("pbkdf2_v2")
pbkdf2hiConfig, pbkdf2hiAlgo := SetDefaultPasswordHashAlgorithm("pbkdf2_hi")
assert.Equal(t, pbkdf2v2Config, emptyConfig)
assert.Equal(t, pbkdf2v2Algo.Specification, emptyAlgo.Specification)
assert.Equal(t, pbkdf2hiConfig, emptyConfig)
assert.Equal(t, pbkdf2hiAlgo.Specification, emptyAlgo.Specification)
})
}