e7363905fa
Changes according to the latest [OWASP cheat sheet for secure Password Storage](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2): - Changed default password hashing algorithm from pbkdf2-sha256 to pbkdf2-sha512 - Increased number of hash iterations for pbkdf2-sha1 from 20.000 to 1.300.000 - Increased number of hash iterations for pbkdf2-sha256 from 27.500 to 600.000 - Increased number of hash iterations for pbkdf2-sha512 from 30.000 to 210.000 - Adapt PasswordHashingTest to new defaults - The test testBenchmarkPasswordHashingConfigurations can be used to compare the different hashing configurations. - Document changes in changes document with note on performance and how to keep the old behaviour. - Log a warning at the first time when Pbkdf2PasswordHashProviderFactory is used directly Fixes #16629 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com> |
||
|---|---|---|
| .. | ||
| documentation | ||
| guides | ||
| maven-plugin | ||
| building.md | ||
| cnfc.md | ||
| dependency-license-information.md | ||
| fips.md | ||
| pom.xml | ||
| pull_request_template.md | ||
| tests-db.md | ||
| tests-development.md | ||
| tests-oidc-conformance.md | ||
| tests.md | ||
| transient-users.md | ||
| updating-database-schema.md | ||
| updating-server-config.md | ||