#31358: Increase default password salt size.
-------------------------------------+-------------------------------------
Reporter: Jon Moroney | Owner: nobody
Type: | Status: new
Cleanup/optimization |
Component: Utilities | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Florian Apolloner):
In general I like the idea of just increasing `get_random_string` and not
doing it in X locations as needed. But I fear that a subtle change like
this might break quite a few systems, so I am with Mariusz to do it just
for the hasher (not every usage of get_random_string has the same security
requirements).
I didn't check, but do we have tests for changing salt lengths and how the
update works?
--
Ticket URL: <https://code.djangoproject.com/ticket/31358#comment:3>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/066.783364f22be7e3a40bc20d1d127f5559%40djangoproject.com.
