[SECURITY] default to pbkdf2 with 320,000 iterations
(cherry picked from commit 3ea0b287d7)
(cherry picked from commit db8392a8ac)
(cherry picked from commit bd2a5fa292)
(cherry picked from commit 2436acb3d9)
(cherry picked from commit 62f50e1c52)
(cherry picked from commit dba1892521)
(cherry picked from commit 4b58e3b6d4)
(cherry picked from commit 1247056856)
(cherry picked from commit afbaea7009)
(cherry picked from commit dcd4813d96)
(cherry picked from commit b51dc963d1)
(cherry picked from commit 611e895efd)
(cherry picked from commit fd492a03f5)
(cherry picked from commit 2c99991f44)
(cherry picked from commit 7426c1edb4)
(cherry picked from commit 373244f8b2)
(cherry picked from commit 4f6efecdb9)
(cherry picked from commit 61d500808e)
(cherry picked from commit 65f8384b63)
(cherry picked from commit 12ed28e734)
(cherry picked from commit ec6cdc9e1a)
(cherry picked from commit 08653ba051)
(cherry picked from commit d5847c87cb)
(cherry picked from commit 640a96e19b)
(cherry picked from commit 46177814a9)
(cherry picked from commit b0098f5a80)
(cherry picked from commit ce5ddeeca9)
(cherry picked from commit 5736fa1025)
(cherry picked from commit c43ca210fc)
(cherry picked from commit 7f92906bf3)
(cherry picked from commit f726525d2d)
(cherry picked from commit db86c93b0b)
(cherry picked from commit 6751bd93c3)
(cherry picked from commit 74bb523ac9)
(cherry picked from commit 94f9045a81)
(cherry picked from commit 5297eac42d)
(cherry picked from commit 57e3c57c51)
(cherry picked from commit c5cacfee51)
(cherry picked from commit dfa31ee004)
(cherry picked from commit d7d10a76b4)
parent
ab31ef1bba
commit
62bd4edd46
3 changed files with 7 additions and 7 deletions
|
@ -480,8 +480,8 @@ INTERNAL_TOKEN=
|
||||||
;;Classes include "lower,upper,digit,spec"
|
;;Classes include "lower,upper,digit,spec"
|
||||||
;PASSWORD_COMPLEXITY = off
|
;PASSWORD_COMPLEXITY = off
|
||||||
;;
|
;;
|
||||||
;; Password Hash algorithm, either "argon2", "pbkdf2", "scrypt" or "bcrypt"
|
;; Password Hash algorithm, either "argon2", "pbkdf2"/"pbkdf2_v2", "pbkdf2_hi", "scrypt" or "bcrypt"
|
||||||
;PASSWORD_HASH_ALGO = pbkdf2
|
;PASSWORD_HASH_ALGO = pbkdf2_hi
|
||||||
;;
|
;;
|
||||||
;; Set false to allow JavaScript to read CSRF cookie
|
;; Set false to allow JavaScript to read CSRF cookie
|
||||||
;CSRF_COOKIE_HTTP_ONLY = true
|
;CSRF_COOKIE_HTTP_ONLY = true
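Review bot: The updated option comment lists `"pbkdf2"/"pbkdf2_v2"` and `"pbkdf2_hi"` without saying what separates them, so an administrator reading the sample config cannot tell that the new default is the 320,000-iteration variant named in the commit title. I would add a line such as `;; "pbkdf2_hi" is PBKDF2 with 320,000 iterations`, and spell out the alias relationship that the slash notation presumably stands for. The higher cost is paid on every password verification, so it is worth a sentence telling small instances to measure login latency. Whether already-stored hashes are upgraded is not visible on this page and should be stated in the comment if it is known.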
|
||||||
|
|
|
@ -10,7 +10,7 @@ package hash
|
||||||
//
|
//
|
||||||
// It will be dealiased as per aliasAlgorithmNames whereas
|
// It will be dealiased as per aliasAlgorithmNames whereas
|
||||||
// defaultEmptyHashAlgorithmSpecification does not undergo dealiasing.
|
// defaultEmptyHashAlgorithmSpecification does not undergo dealiasing.
|
||||||
const DefaultHashAlgorithmName = "pbkdf2"
|
const DefaultHashAlgorithmName = "pbkdf2_hi"
|
||||||
|
|
||||||
var DefaultHashAlgorithm *PasswordHashAlgorithm
|
var DefaultHashAlgorithm *PasswordHashAlgorithm
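Review bot: `DefaultHashAlgorithmName = "pbkdf2_hi"` depends on `pbkdf2_hi` having an entry in `aliasAlgorithmNames`, which the surrounding comment refers to but this hunk does not show. Nothing on the constant records the parameters it stands for. A short addition to the doc comment would make both explicit, for example `// "pbkdf2_hi" is PBKDF2 with 320,000 iterations and must stay defined in aliasAlgorithmNames.` The existing doc comment begins above the hunk, so the wording should be fitted to its opening sentence.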
|
||||||
|
|
||||||
|
|
|
@ -28,11 +28,11 @@ func TestCheckSettingPasswordHashAlgorithm(t *testing.T) {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
t.Run("pbkdf2_v2 is the default when default password hash algorithm is empty", func(t *testing.T) {
|
t.Run("pbkdf2_hi is the default when default password hash algorithm is empty", func(t *testing.T) {
|
||||||
emptyConfig, emptyAlgo := SetDefaultPasswordHashAlgorithm("")
|
emptyConfig, emptyAlgo := SetDefaultPasswordHashAlgorithm("")
|
||||||
pbkdf2v2Config, pbkdf2v2Algo := SetDefaultPasswordHashAlgorithm("pbkdf2_v2")
|
pbkdf2hiConfig, pbkdf2hiAlgo := SetDefaultPasswordHashAlgorithm("pbkdf2_hi")
|
||||||
|
|
||||||
assert.Equal(t, pbkdf2v2Config, emptyConfig)
|
assert.Equal(t, pbkdf2hiConfig, emptyConfig)
|
||||||
assert.Equal(t, pbkdf2v2Algo.Specification, emptyAlgo.Specification)
|
assert.Equal(t, pbkdf2hiAlgo.Specification, emptyAlgo.Specification)
|
||||||
})
|
})
|
||||||
}
|
}
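Review bot: The renamed subtest compares the empty-setting result only against `SetDefaultPasswordHashAlgorithm("pbkdf2_hi")`, so it would still pass if the `pbkdf2_hi` alias were later mapped to weaker parameters. Pinning the cost would catch that regression, for example `assert.Contains(t, emptyAlgo.Specification, "320000")`, assuming `Specification` is the string form that carries the iteration count. TestCheckSettingPasswordHashAlgorithm starts above the hunk, so an equivalent assertion may already exist in a part that is not shown.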
|
||||||
|
|