Update topics/authentication/password-policies.adoc

This commit is contained in:
Stian Thorgersen 2016-06-13 13:24:44 +02:00
parent efa96e5637
commit bcb3a0e1c4

View file

@ -31,9 +31,11 @@ Here's an explanation of each policy type:
HashAlgorithm:: HashAlgorithm::
Passwords are not stored as clear text. Instead they are hashed using standard hashing algorithms before they are stored or validated. Passwords are not stored as clear text. Instead they are hashed using standard hashing algorithms before they are stored or validated.
The only built in and default algorithm available is PBKDF2. See the link:{{book.developerguide.link}}[{{book.developerguide.name}}] {% if book.community %}
The only built-in and default algorithm available is PBKDF2. See the link:{{book.developerguide.link}}[{{book.developerguide.name}}]
on how to plug in your own algorithm. Note that if you do change the algorithm, password hashes will not change in storage until on how to plug in your own algorithm. Note that if you do change the algorithm, password hashes will not change in storage until
the next time the user logs in. the next time the user logs in.
{% endif %}
HashIterations:: HashIterations::
This value specifies the number of times a password will be hashed before it is stored or verified. The default value is 20,000. This value specifies the number of times a password will be hashed before it is stored or verified. The default value is 20,000.
This hashing is done in the rare case that a hacker gets access to your password database. Once they have the database This hashing is done in the rare case that a hacker gets access to your password database. Once they have the database