Increase password stretching to 10000 interations

This is in line with current recommendations from various sources.
Tom Hughes 2016-11-25 08:54:57 +00:00
parent 34c473f503
commit 44e778aedd
2 changed files with 15 additions and 1 deletions


@ -6,7 +6,7 @@ require "digest/md5"
module PasswordHash module PasswordHash
SALT_BYTE_SIZE = 32 SALT_BYTE_SIZE = 32
HASH_BYTE_SIZE = 32 HASH_BYTE_SIZE = 32
PBKDF2_ITERATIONS = 1000 PBKDF2_ITERATIONS = 10000
DIGEST_ALGORITHM = "sha512".freeze DIGEST_ALGORITHM = "sha512".freeze
def self.create(password) def self.create(password)
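Review bot: PBKDF2_ITERATIONS is raised on the fourth line of this hunk with no comment recording why 10000 was chosen or that it is a work factor meant to be revisited, so the next reader has no cue to re-evaluate it as hardware gets faster. The salt strings in the accompanying tests (`sha512!1000!…`, `sha512!10000!…`) show the iteration count is stored alongside each hash and that `upgrade?` returns true for the 1000-count hash and false for the 10000-count one, so changing this constant presumably only affects newly created hashes while existing ones are flagged for rehashing; that relationship is worth stating next to the constant rather than leaving it implicit. Suggest `# Work factor for newly created hashes only: each stored hash records its own count, and upgrade? reports when a hash uses a lower count than this. Revisit periodically.` above the assignment.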


@ -14,6 +14,20 @@ class PasswordHashTest < ActiveSupport::TestCase
assert_equal true, PasswordHash.upgrade?("67a1e09bb1f83f5007dc119c14d663aa", "salt") assert_equal true, PasswordHash.upgrade?("67a1e09bb1f83f5007dc119c14d663aa", "salt")
end end
def test_pbkdf2_1000_32_sha512
assert_equal true, PasswordHash.check("ApT/28+FsTBLa/J8paWfgU84SoRiTfeY8HjKWhgHy08=", "sha512!1000!HR4z+hAvKV2ra1gpbRybtoNzm/CNKe4cf7bPKwdUNrk=", "password")
assert_equal false, PasswordHash.check("ApT/28+FsTBLa/J8paWfgU84SoRiTfeY8HjKWhgHy08=", "sha512!1000!HR4z+hAvKV2ra1gpbRybtoNzm/CNKe4cf7bPKwdUNrk=", "wrong")
assert_equal false, PasswordHash.check("ApT/28+FsTBLa/J8paWfgU84SoRiTfeY8HjKWhgHy08=", "sha512!1000!HR4z+hAvKV2ra1gwrongtoNzm/CNKe4cf7bPKwdUNrk=", "password")
assert_equal true, PasswordHash.upgrade?("ApT/28+FsTBLa/J8paWfgU84SoRiTfeY8HjKWhgHy08=", "sha512!1000!HR4z+hAvKV2ra1gpbRybtoNzm/CNKe4cf7bPKwdUNrk=")
end
def test_pbkdf2_10000_32_sha512
assert_equal true, PasswordHash.check("3wYbPiOxk/tU0eeIDjUhdvi8aDP3AbFtwYKKxF1IhGg=", "sha512!10000!OUQLgtM7eD8huvanFT5/WtWaCwdOdrir8QOtFwxhO0A=", "password")
assert_equal false, PasswordHash.check("3wYbPiOxk/tU0eeIDjUhdvi8aDP3AbFtwYKKxF1IhGg=", "sha512!10000!OUQLgtM7eD8huvanFT5/WtWaCwdOdrir8QOtFwxhO0A=", "wrong")
assert_equal false, PasswordHash.check("3wYbPiOxk/tU0eeIDjUhdvi8aDP3AbFtwYKKxF1IhGg=", "sha512!10000!OUQLgtMwronguvanFT5/WtWaCwdOdrir8QOtFwxhO0A=", "password")
assert_equal false, PasswordHash.upgrade?("3wYbPiOxk/tU0eeIDjUhdvi8aDP3AbFtwYKKxF1IhGg=", "sha512!10000!OUQLgtM7eD8huvanFT5/WtWaCwdOdrir8QOtFwxhO0A=")
end
def test_default def test_default
hash1, salt1 = PasswordHash.create("password") hash1, salt1 = PasswordHash.create("password")
hash2, salt2 = PasswordHash.create("password") hash2, salt2 = PasswordHash.create("password")