mirror of
https://codeberg.org/forgejo/forgejo
synced 2024-11-25 19:26:09 +01:00
[SECURITY] default to pbkdf2 with 320,000 iterations
(cherry picked from commit3ea0b287d7
) (cherry picked from commitdb8392a8ac
) (cherry picked from commitbd2a5fa292
) (cherry picked from commit2436acb3d9
) (cherry picked from commit62f50e1c52
) (cherry picked from commitdba1892521
) (cherry picked from commit4b58e3b6d4
) (cherry picked from commit1247056856
) (cherry picked from commitafbaea7009
) (cherry picked from commitdcd4813d96
) (cherry picked from commitb51dc963d1
) (cherry picked from commit611e895efd
) (cherry picked from commitfd492a03f5
) (cherry picked from commit2c99991f44
) (cherry picked from commit7426c1edb4
) (cherry picked from commit373244f8b2
)
This commit is contained in:
parent
578ccfdd27
commit
4f6efecdb9
|
@ -476,8 +476,8 @@ INTERNAL_TOKEN=
|
||||||
;;Classes include "lower,upper,digit,spec"
|
;;Classes include "lower,upper,digit,spec"
|
||||||
;PASSWORD_COMPLEXITY = off
|
;PASSWORD_COMPLEXITY = off
|
||||||
;;
|
;;
|
||||||
;; Password Hash algorithm, either "argon2", "pbkdf2", "scrypt" or "bcrypt"
|
;; Password Hash algorithm, either "argon2", "pbkdf2"/"pbkdf2_v2", "pbkdf2_hi", "scrypt" or "bcrypt"
|
||||||
;PASSWORD_HASH_ALGO = pbkdf2
|
;PASSWORD_HASH_ALGO = pbkdf2_hi
|
||||||
;;
|
;;
|
||||||
;; Set false to allow JavaScript to read CSRF cookie
|
;; Set false to allow JavaScript to read CSRF cookie
|
||||||
;CSRF_COOKIE_HTTP_ONLY = true
|
;CSRF_COOKIE_HTTP_ONLY = true
|
||||||
|
|
|
@ -10,7 +10,7 @@ package hash
|
||||||
//
|
//
|
||||||
// It will be dealiased as per aliasAlgorithmNames whereas
|
// It will be dealiased as per aliasAlgorithmNames whereas
|
||||||
// defaultEmptyHashAlgorithmSpecification does not undergo dealiasing.
|
// defaultEmptyHashAlgorithmSpecification does not undergo dealiasing.
|
||||||
const DefaultHashAlgorithmName = "pbkdf2"
|
const DefaultHashAlgorithmName = "pbkdf2_hi"
|
||||||
|
|
||||||
var DefaultHashAlgorithm *PasswordHashAlgorithm
|
var DefaultHashAlgorithm *PasswordHashAlgorithm
|
||||||
|
|
||||||
|
|
|
@ -28,11 +28,11 @@ func TestCheckSettingPasswordHashAlgorithm(t *testing.T) {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
t.Run("pbkdf2_v2 is the default when default password hash algorithm is empty", func(t *testing.T) {
|
t.Run("pbkdf2_hi is the default when default password hash algorithm is empty", func(t *testing.T) {
|
||||||
emptyConfig, emptyAlgo := SetDefaultPasswordHashAlgorithm("")
|
emptyConfig, emptyAlgo := SetDefaultPasswordHashAlgorithm("")
|
||||||
pbkdf2v2Config, pbkdf2v2Algo := SetDefaultPasswordHashAlgorithm("pbkdf2_v2")
|
pbkdf2hiConfig, pbkdf2hiAlgo := SetDefaultPasswordHashAlgorithm("pbkdf2_hi")
|
||||||
|
|
||||||
assert.Equal(t, pbkdf2v2Config, emptyConfig)
|
assert.Equal(t, pbkdf2hiConfig, emptyConfig)
|
||||||
assert.Equal(t, pbkdf2v2Algo.Specification, emptyAlgo.Specification)
|
assert.Equal(t, pbkdf2hiAlgo.Specification, emptyAlgo.Specification)
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue