Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

request #18441: Increase password work factor

Download Browse

The cost of Bcrypt hashed passwords has been increased to 13. This follow the current recommendations [0] and the example of other major web frameworks [1]. The existing passwords will be rehashed when the users log in. The work factor for password stored for the UNIX accounts has been increased by ~ a similar factor. [0] https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#bcrypt [1] https://github.com/symfony/symfony/blob/8b51547061b29081803eb9fdf9b02cf80a1e1a74/src/Symfony/Component/Security/Core/Encoder/NativePasswordEncoder.php#L35 Change-Id: I0bdc4f9cdaa262915ea14f43beccd73f2a6176f8

+4 −5
Thomas Gerbet (tgerbet) 2020-12-11 13:23
Thomas Gerbet (tgerbet) 2020-12-11 13:31
515f1ca006179997979910d581db121db4a9bd96
260fc839a4b1697ffe9fcf9103af1825ecddc65a
git #tuleap/stable/515f1ca006179997979910d581db121db4a9bd96

Modified Files

Side by side diff
Inline diff
Name
M src/common/User/Password/StandardPasswordHandler.php +4 −5 Go to diff View file