Change default password hashing intervals

This commit is contained in:
Stian Thorgersen 2016-06-02 08:47:07 +02:00
parent e33c69187b
commit cef392e1b2

@ -35,7 +35,7 @@ HashAlgorithm::
on how to plug in your own algorithm. Note that if you do change the algorithm, password hashes will not change in storage until on how to plug in your own algorithm. Note that if you do change the algorithm, password hashes will not change in storage until
the next time the user logs in. the next time the user logs in.
HashIterations:: HashIterations::
This value specifies the number of times a password will be hashed before it is stored or verified. The default value is 1. This value specifies the number of times a password will be hashed before it is stored or verified. The default value is 20,000.
This hashing is done in the rare case that a hacker gets access to your password database. Once they have the database This hashing is done in the rare case that a hacker gets access to your password database. Once they have the database
they can reverse engineer user passwords. they can reverse engineer user passwords.
The industry recommended value for this parameter changes every year as CPU power improves. The current recommended value The industry recommended value for this parameter changes every year as CPU power improves. The current recommended value
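
Review bot: The changed HashIterations line states the new default of 20,000 but does not say what happens to hashes already stored with the old default of 1. The HashAlgorithm entry just above notes that "password hashes will not change in storage until the next time the user logs in"; if the same holds for the iteration count, repeat that caveat here so administrators know existing credentials stay at the old work factor until each user's next login. Since the following sentence says the recommended value changes every year, consider also wording the default so the documentation does not silently drift from the code when it is next raised. Minor: the commit title says "intervals" while the setting it changes is iterations.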