[Rt-commit] rt branch, 4.2/bcrypt-passwords, repushed
Alex Vandiver
alexmv at bestpractical.com
Wed Sep 4 12:00:28 EDT 2013
The branch 4.2/bcrypt-passwords was deleted and repushed:
was 501c2fb478991f85c0011052021e17b7c17b2c7b
now 7a0fe00d4379f7b183aa04a931f37a7decbce984
1: b0e494c = 1: b0e494c Switch to Blowfish-based bcrypt for password hashing
2: 87cf33b = 2: 87cf33b SHA-512 passwords before passing to bcrypt for key derivation
3: 501c2fb ! 3: 7a0fe00 Allow a tunable number of rounds for bcrypt key derivation
@@ -10,15 +10,15 @@
Set(@ReferrerWhitelist, qw());
+
-+=item C<$BcryptRounds>
++=item C<$BcryptCost>
+
-+This sets the default effort parameter used for the C<bcrypt> key
++This sets the default cost parameter used for the C<bcrypt> key
+derivation function. Valid values range from 4 to 31, inclusive, with
+higher numbers denoting greater effort.
+
+=cut
+
-+Set($BcryptRounds, 10);
++Set($BcryptCost, 10);
+
=back
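Review bot: The POD for `$BcryptCost` gives the valid range but does not say that the parameter is logarithmic, so an administrator cannot tell from this text that each increment doubles the time spent per password check. I would add a sentence such as `Each increment doubles the work needed to hash or verify a password; raise it gradually and measure login latency.` It would also help to state that stored hashes with a lower cost are re-hashed at the user's next successful login, which is what the cost comparison in the password-check hunk appears to implement.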
@@ -33,7 +33,7 @@
} else {
- # The current standard is 10 rounds
- $rounds = 10;
-+ $rounds = RT->Config->Get('BcryptRounds');
++ $rounds = RT->Config->Get('BcryptCost');
# Generate a random 16-octet base64 salt
$salt = "";
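Review bot: The value from `RT->Config->Get('BcryptCost')` is assigned to `$rounds` without any check against the 4–31 range the documentation promises, so a typo or an undefined value in a site config would reach the bcrypt call unchecked. How the hashing library reacts to such a value is not visible here. A guard right after the assignment would fail closed, e.g. `die "BcryptCost must be an integer from 4 to 31" unless defined $rounds and $rounds =~ /\A\d+\z/ and $rounds >= 4 and $rounds <= 31;`, or an equivalent check done once when the configuration is loaded. The enclosing function starts and ends outside this hunk.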
@@ -44,7 +44,7 @@
- return $self->_GeneratePassword_bcrypt($value, @rest) eq $stored;
+ return 0 unless $self->_GeneratePassword_bcrypt($value, @rest) eq $stored;
+ # Upgrade to a larger number of rounds if necessary
-+ return 1 unless $rest[0] < RT->Config->Get('BcryptRounds');
++ return 1 unless $rest[0] < RT->Config->Get('BcryptCost');
} elsif ($method eq "sha512") {
return 0 unless $self->_GeneratePassword_sha512($value, @rest) eq $stored;
} else {
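Review bot: The rename stops at the config key. The comment `# Upgrade to a larger number of rounds if necessary` and the local `$rounds` in the generation hunk still use the old term, and `$rest[0]` gives no hint that it holds the stored cost. I would reword the comment to `# Re-hash with the configured cost if the stored hash used a lower one` and name the element before comparing, e.g. `my ($stored_cost) = @rest;`. The re-hash itself presumably happens after the if/elsif chain, which lies outside this hunk.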