From 94ebfd0a2bb5cfe7a0c4ef199496a8586fe0cb8c Mon Sep 17 00:00:00 2001 From: Stian Thorgersen Date: Mon, 13 Jun 2016 13:26:07 +0200 Subject: [PATCH] Update topics/authentication/password-policies.adoc --- topics/authentication/password-policies.adoc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/topics/authentication/password-policies.adoc b/topics/authentication/password-policies.adoc index ceb4fb076f..effa7fbe69 100644 --- a/topics/authentication/password-policies.adoc +++ b/topics/authentication/password-policies.adoc @@ -36,6 +36,11 @@ HashAlgorithm:: on how to plug in your own algorithm. Note that if you do change the algorithm, password hashes will not change in storage until the next time the user logs in. {% endif %} +{% if book.product %} +HashAlgorithm:: + Passwords are not stored as clear text. Instead they are hashed using standard hashing algorithms before they are stored or validated. + The only currently supported algorithm is PBKDF2. +{% endif %} HashIterations:: This value specifies the number of times a password will be hashed before it is stored or verified. The default value is 20,000. This hashing is done in the rare case that a hacker gets access to your password database. Once they have the database
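Review bot: In the added `{% if book.product %}` block, "hashed using standard hashing algorithms" (plural) is followed directly by "The only currently supported algorithm is PBKDF2", so the two sentences disagree about how many algorithms are in play. Suggest one statement, for example "Passwords are hashed with PBKDF2 before they are stored or validated", plus a pointer to the HashIterations entry that follows, since the iteration count described there is what determines how much work each hash costs. Also confirm that the condition on the preceding block (its opening tag is outside this hunk, only its `{% endif %}` is visible) excludes `book.product`; otherwise `HashAlgorithm::` is rendered twice in the product build, once with the "plug in your own algorithm" wording and once with this text.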