#31358: Increase default password salt size in BasePasswordHasher.
--------------------------------------+------------------------------------
Reporter: Jon Moroney | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Utilities | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Comment (by felixxm):
Florian, I checked builtin hashers:
- `BCryptSHA256PasswordHasher`, `BCryptPasswordHasher`,
`UnsaltedSHA1PasswordHasher`, `UnsaltedMD5PasswordHasher`,
`CryptPasswordHasher` are not affected because they override `salt()`,
- `PBKDF2PasswordHasher`, `PBKDF2SHA1PasswordHasher`,
`Argon2PasswordHasher`, `SHA1PasswordHasher`, and `MD5PasswordHasher` use
`BasePasswordHasher.salt()`.
We should introduce `salt_length` attribute in a separate PR/commit and
take it into account in `must_update()` for affected hashers. I'm not sure
how to set `salt_length` for hashers that override `salt()`.
--
Ticket URL: <https://code.djangoproject.com/ticket/31358#comment:10>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/066.fef7a29b74467475c68f4c430e1394c0%40djangoproject.com.
