#31358: Increase default password salt size in BasePasswordHasher.
--------------------------------------+------------------------------------
Reporter: Jon Moroney | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Utilities | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Comment (by Florian Apolloner):

Replying to [comment:10 felixxm]:
> We should introduce `salt_length` attribute in a separate PR/commit and
> take it into account in `must_update()` for affected hashers.

Ok, I am fine with that approach too.

> I'm not sure how to set `salt_length` for hashers that override
> `salt()`.

That is a good question indeed. For the unsalted variants we can set it to
zero just fine and afaik bcrypt also defines it with a fixed length:
https://github.com/pyca/bcrypt/blob/master/src/bcrypt/__init__.py#L50 and
is unlikely to change. So we could set `salt_length` everywhere and update
the hashers to use the builtin `must_update` in addition to their own.
--
Ticket URL: <https://code.djangoproject.com/ticket/31358#comment:11>
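
A sketch of the approach discussed in this comment, added here as an example; it is not part of the original message and not Django's code. The class names, the encoded formats, the default of 22 characters and the iteration count are assumptions; only `salt_length`, `salt()` and `must_update()` come from the ticket.

```python
import hashlib
import secrets
import string

ALPHABET = string.ascii_letters + string.digits


class BaseHasher:
    """Hypothetical stand-in for a base password hasher."""
    salt_length = 22  # assumed default, counted in characters

    def salt(self):
        return "".join(secrets.choice(ALPHABET) for _ in range(self.salt_length))

    def stored_salt(self, encoded):
        raise NotImplementedError

    def must_update(self, encoded):
        # Built-in check: flag hashes whose stored salt is shorter than the default.
        return len(self.stored_salt(encoded)) < self.salt_length


class PBKDF2Hasher(BaseHasher):
    iterations = 100_000  # constructed value for the example

    def encode(self, password, salt, iterations=None):
        iterations = iterations or self.iterations
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
        return f"pbkdf2_sha256${iterations}${salt}${digest.hex()}"

    def stored_salt(self, encoded):
        return encoded.split("$")[2]

    def must_update(self, encoded):
        # The hasher's own check (work factor) in addition to the built-in salt check.
        stored_iterations = int(encoded.split("$")[1])
        return stored_iterations != self.iterations or super().must_update(encoded)


class UnsaltedSHA1Hasher(BaseHasher):
    salt_length = 0  # unsalted variant: salt() yields "" and the salt check never fires

    def encode(self, password, salt=""):
        return "sha1$$" + hashlib.sha1(password.encode()).hexdigest()

    def stored_salt(self, encoded):
        return encoded.split("$")[1]
```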