Roundup Tracker - Issues

Message7699

Author rouilj
Recipients rouilj
Date 2022-12-23.03:46:47
Message-id <1671767207.09.0.514232166078.issue2551252@roundup.psfhosted.org>
In-reply-to
We use sha1 along with PBKDF2.
 
   https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2

recommends 720,000 iterations not 10000.

Change config default to 720,000.

Changing the default will not invalidate existing password hashes. They will still
be usable.

Existing passwords will still retain the 10000 iteration number.
Also, because of issue 2551251, passwords will not be automatically re-encrypted when a user
logs in via the web interface.
History
Date                 User    Action  Args
2022-12-23 03:46:47  rouilj  set     recipients: + rouilj
2022-12-23 03:46:47  rouilj  set     messageid: <1671767207.09.0.514232166078.issue2551252@roundup.psfhosted.org>
2022-12-23 03:46:47  rouilj  link    issue2551252 messages
2022-12-23 03:46:47  rouilj  create
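
Added example, not Roundup's code and not part of the message above: a sketch of why hashes made at 10000 iterations stay valid after the default moves to 720,000, and how a rehash on successful login would upgrade them. The `rounds$salt$digest` storage format and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

LEGACY_ROUNDS = 10_000    # old default named in the message
TARGET_ROUNDS = 720_000   # new default proposed in the message


def hash_password(password, rounds=TARGET_ROUNDS, salt=None):
    """Return 'rounds$salt$digest'; the rounds value travels with the hash."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, rounds)
    return "$".join([str(rounds),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(digest).decode("ascii")])


def parse(stored):
    """Split the hypothetical stored format into (rounds, salt, digest)."""
    rounds, salt, digest = stored.split("$")
    return int(rounds), base64.b64decode(salt), base64.b64decode(digest)


def verify(password, stored):
    """Verify with the rounds recorded in the stored value, not the config."""
    rounds, salt, expected = parse(stored)
    actual = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(actual, expected)


def needs_rehash(stored, target=TARGET_ROUNDS):
    """True when the stored hash was made with fewer rounds than the target."""
    return parse(stored)[0] < target


def login(password, stored, target=TARGET_ROUNDS):
    """Return (ok, value_to_store). The upgrade can only happen on a
    successful login, the one moment the plaintext is available."""
    if not verify(password, stored):
        return False, stored
    if needs_rehash(stored, target):
        return True, hash_password(password, target)
    return True, stored


if __name__ == "__main__":
    old = hash_password("correct horse", LEGACY_ROUNDS)  # constructed sample
    ok, new = login("correct horse", old)
    print(ok, parse(old)[0], "->", parse(new)[0])
```

Accounts that never log in keep their lower-iteration hash under this scheme, so an audit query over the stored rounds field is the way to find them.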