rnewson commented on code in PR #4814:
URL: https://github.com/apache/couchdb/pull/4814#discussion_r1386397163
##########
dev/run:
##########
@@ -571,8 +572,8 @@ def hashify(pwd, salt=COMMON_SALT, iterations=10,
keylen=20):
>>> hashify(candeira)
-pbkdf2-99eb34d97cdaa581e6ba7b5386e112c265c5c670,d1d2d4d8909c82c81b6c8184429a0739,10
"""
- derived_key = pbkdf2_hex(pwd, salt, iterations, keylen)
- return "-pbkdf2-%s,%s,%s" % (derived_key, salt, iterations)
+ derived_key = pbkdf2_hex(pwd, salt, iterations, keylen,
hashfunc=hashlib.sha256)
+ return "-pbkdf2:sha256-%s,%s,%s" % (derived_key, salt, iterations)
Review Comment:
one note here: an admin cred can't be used until it's hashed, so if
iterations is high (or the machine is slow), dev/run doesn't boot as it doesn't
wait long enough for the hashing. This is a latent issue, it's just exposed
more with the new defaults (50_000 in default.ini, which is why the Makefile
overrides it to 9, so those dev/run's boot up quickly).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
