This is an automated email from the ASF dual-hosted git repository.
rnewson pushed a commit to branch decouple_offline_hash_strength_from_online
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit 3c75a20e8f17a1442a1890b68a79ed54f40154c8
Author: Robert Newson <rnew...@apache.org>
AuthorDate: Fri Oct 27 17:29:33 2023 +0100
Enhance dev/run to use pbkdf2 with sha256
---
dev/run | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/dev/run b/dev/run
index 823206ae0..707c8a4d7 100755
--- a/dev/run
+++ b/dev/run
@@ -17,6 +17,7 @@ import base64
import contextlib
import functools
import glob
+import hashlib
import inspect
import json
import ntpath
@@ -560,7 +561,7 @@ def gen_password():
return base64.b64encode(os.urandom(6)).decode()
-def hashify(pwd, salt=COMMON_SALT, iterations=10, keylen=20):
+def hashify(pwd, salt=COMMON_SALT, iterations=10, keylen=32):
"""
Implements password hashing according to:
- https://issues.apache.org/jira/browse/COUCHDB-1060
@@ -571,8 +572,8 @@ def hashify(pwd, salt=COMMON_SALT, iterations=10,
keylen=20):
>>> hashify(candeira)
-pbkdf2-99eb34d97cdaa581e6ba7b5386e112c265c5c670,d1d2d4d8909c82c81b6c8184429a0739,10
"""
- derived_key = pbkdf2_hex(pwd, salt, iterations, keylen)
- return "-pbkdf2-%s,%s,%s" % (derived_key, salt, iterations)
+ derived_key = pbkdf2_hex(pwd, salt, iterations, keylen,
hashfunc=hashlib.sha256)
+ return "-pbkdf2:sha256-%s,%s,%s" % (derived_key, salt, iterations)
def startup(ctx):
