mirror of
				https://codeberg.org/forgejo/forgejo.git
				synced 2025-10-25 11:33:11 +00:00 
			
		
		
		
	[SECURITY] default to pbkdf2 with 320,000 iterations
(cherry picked from commit3ea0b287d7) (cherry picked from commitdb8392a8ac) (cherry picked from commitbd2a5fa292) (cherry picked from commit2436acb3d9) (cherry picked from commit62f50e1c52) (cherry picked from commitdba1892521) (cherry picked from commit4b58e3b6d4) (cherry picked from commit1247056856) (cherry picked from commitafbaea7009) (cherry picked from commitdcd4813d96) (cherry picked from commitb51dc963d1) (cherry picked from commit611e895efd) (cherry picked from commitfd492a03f5) (cherry picked from commit2c99991f44) (cherry picked from commit7426c1edb4) (cherry picked from commit373244f8b2) (cherry picked from commit4f6efecdb9) (cherry picked from commit61d500808e) (cherry picked from commit65f8384b63) (cherry picked from commit12ed28e734) (cherry picked from commitec6cdc9e1a) (cherry picked from commit08653ba051) (cherry picked from commitd5847c87cb) (cherry picked from commit640a96e19b) (cherry picked from commit46177814a9) (cherry picked from commitb0098f5a80) (cherry picked from commitce5ddeeca9) (cherry picked from commit5736fa1025) (cherry picked from commitc43ca210fc) (cherry picked from commit7f92906bf3) (cherry picked from commitf726525d2d) (cherry picked from commitdb86c93b0b) (cherry picked from commit6751bd93c3) (cherry picked from commit9dc354e0bc)
This commit is contained in:
		
					parent
					
						
							
								6954d234d3
							
						
					
				
			
			
				commit
				
					
						e50ba1dbfd
					
				
			
		
					 3 changed files with 7 additions and 7 deletions
				
			
		|  | @ -479,8 +479,8 @@ INTERNAL_TOKEN= | |||
| ;;Classes include "lower,upper,digit,spec" | ||||
| ;PASSWORD_COMPLEXITY = off | ||||
| ;; | ||||
| ;; Password Hash algorithm, either "argon2", "pbkdf2", "scrypt" or "bcrypt" | ||||
| ;PASSWORD_HASH_ALGO = pbkdf2 | ||||
| ;; Password Hash algorithm, either "argon2", "pbkdf2"/"pbkdf2_v2", "pbkdf2_hi", "scrypt" or "bcrypt" | ||||
| ;PASSWORD_HASH_ALGO = pbkdf2_hi | ||||
| ;; | ||||
| ;; Set false to allow JavaScript to read CSRF cookie | ||||
| ;CSRF_COOKIE_HTTP_ONLY = true | ||||
|  |  | |||
|  | @ -10,7 +10,7 @@ package hash | |||
| // | ||||
| // It will be dealiased as per aliasAlgorithmNames whereas | ||||
| // defaultEmptyHashAlgorithmSpecification does not undergo dealiasing. | ||||
| const DefaultHashAlgorithmName = "pbkdf2" | ||||
| const DefaultHashAlgorithmName = "pbkdf2_hi" | ||||
| 
 | ||||
| var DefaultHashAlgorithm *PasswordHashAlgorithm | ||||
| 
 | ||||
|  |  | |||
|  | @ -28,11 +28,11 @@ func TestCheckSettingPasswordHashAlgorithm(t *testing.T) { | |||
| 		}) | ||||
| 	} | ||||
| 
 | ||||
| 	t.Run("pbkdf2_v2 is the default when default password hash algorithm is empty", func(t *testing.T) { | ||||
| 	t.Run("pbkdf2_hi is the default when default password hash algorithm is empty", func(t *testing.T) { | ||||
| 		emptyConfig, emptyAlgo := SetDefaultPasswordHashAlgorithm("") | ||||
| 		pbkdf2v2Config, pbkdf2v2Algo := SetDefaultPasswordHashAlgorithm("pbkdf2_v2") | ||||
| 		pbkdf2hiConfig, pbkdf2hiAlgo := SetDefaultPasswordHashAlgorithm("pbkdf2_hi") | ||||
| 
 | ||||
| 		assert.Equal(t, pbkdf2v2Config, emptyConfig) | ||||
| 		assert.Equal(t, pbkdf2v2Algo.Specification, emptyAlgo.Specification) | ||||
| 		assert.Equal(t, pbkdf2hiConfig, emptyConfig) | ||||
| 		assert.Equal(t, pbkdf2hiAlgo.Specification, emptyAlgo.Specification) | ||||
| 	}) | ||||
| } | ||||
|  |  | |||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue