[Rt-commit] rt branch, 4.2/bcrypt-passwords, repushed

Alex Vandiver alexmv at bestpractical.com
Wed Sep 4 12:00:28 EDT 2013


The branch 4.2/bcrypt-passwords was deleted and repushed:
       was 501c2fb478991f85c0011052021e17b7c17b2c7b
       now 7a0fe00d4379f7b183aa04a931f37a7decbce984

1:  b0e494c = 1:  b0e494c Switch to Blowfish-based bcrypt for password hashing
2:  87cf33b = 2:  87cf33b SHA-512 passwords before passing to bcrypt for key derivation
3:  501c2fb ! 3:  7a0fe00 Allow a tunable number of rounds for bcrypt key derivation
    @@ -10,15 +10,15 @@
      Set(@ReferrerWhitelist, qw());
      
     +
    -+=item C<$BcryptRounds>
    ++=item C<$BcryptCost>
     +
    -+This sets the default effort parameter used for the C<bcrypt> key
    ++This sets the default cost parameter used for the C<bcrypt> key
     +derivation function.  Valid values range from 4 to 31, inclusive, with
     +higher numbers denoting greater effort.
     +
     +=cut
     +
    -+Set($BcryptRounds, 10);
    ++Set($BcryptCost, 10);
     +
      =back
      
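Review bot: The POD for C<$BcryptCost> states the valid range (4 to 31) but describes the value only as "higher numbers denoting greater effort", which keeps the word the rename just removed from the sentence above and gives an administrator no way to judge what a step costs. bcrypt's cost is the base-2 logarithm of the iteration count, so each increment doubles the hashing time; say that here, and mention that stored hashes with a lower cost are upgraded after a successful check, as the comment in the password-check hunk indicates.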
    @@ -33,7 +33,7 @@
          } else {
     -        # The current standard is 10 rounds
     -        $rounds = 10;
    -+        $rounds = RT->Config->Get('BcryptRounds');
    ++        $rounds = RT->Config->Get('BcryptCost');
      
              # Generate a random 16-octet base64 salt
              $salt = "";
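Review bot: `$rounds = RT->Config->Get('BcryptCost');` uses the configured value as-is; nothing in the visible lines checks it against the 4 to 31 range the documentation states, or handles an unset value. Validate it before it is used to build the hash, falling back to 10 (the hard-coded value this line replaces), and rename the local `$rounds` to `$cost` so it matches the new option name.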
    @@ -44,7 +44,7 @@
     -            return $self->_GeneratePassword_bcrypt($value, @rest) eq $stored;
     +            return 0 unless $self->_GeneratePassword_bcrypt($value, @rest) eq $stored;
     +            # Upgrade to a larger number of rounds if necessary
    -+            return 1 unless $rest[0] < RT->Config->Get('BcryptRounds');
    ++            return 1 unless $rest[0] < RT->Config->Get('BcryptCost');
              } elsif ($method eq "sha512") {
                  return 0 unless $self->_GeneratePassword_sha512($value, @rest) eq $stored;
              } else {
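Review bot: The comment `# Upgrade to a larger number of rounds if necessary` still says "rounds" although the option it is compared against is now `BcryptCost`, and the bare `$rest[0]` on the next line does not say what it holds. Reword the comment to "cost" and assign `$rest[0]` to a named variable (for example `$stored_cost`) before the comparison, so it is clear that the stored hash's cost is being compared with the configured one.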


