simonw/datasette-auth-passwords

Increase default iterations count

Closed this issue 2 years ago · 3 comments

simonw commented 2 years ago

datasette-auth-passwords/datasette_auth_passwords/utils.py

Line 8 in 2ebd439

def hash_password(password, salt=None, iterations=260000):

Imitate Django here - the 4.1 alpha increases if from 320,000 to 390,000.

https://docs.djangoproject.com/en/dev/releases/4.1/#django-contrib-auth

simonw commented 2 years ago

I'm tempted to run a scraper to spot when this changes in the future and open an issue, ala https://simonwillison.net/2022/Apr/28/issue-on-changes/

simonw commented 2 years ago

I asked Carlton what the rule is for Django here: https://twitter.com/simonw/status/1526921046837719040

simonw commented 2 years ago

Django 4.2 will increase to 480,000 - applying that now. https://docs.djangoproject.com/en/dev/releases/4.2/#django-4-2-release-notes-under-development