On 23/05/2024 6:12 pm, Shaheed Haque wrote:
Hi,As happens from time-to-time, I see the 5.1 alpha recently announced has increased the iteration count for the PBKDF2 password hasher (from 720k to 870k), and the putative release notes for 5.2 mention a further increase (to 1M).I assume this iteration count has something to do with the noticeable time it takes to run User.set_password()? Is there something that can be done to mitigate any further increase in the execution time of .set_password(), or am I barking up the wrong tree?
My understanding is the intention is to make brute force attacks more expensive for the attacker.
Don't know whether there might be a better way.
Thanks, Shaheed --You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAHAc2jcETxAtMbHfnD1GQFVgWwR8ABOAy%3DjaRuhRW7mQhnOxeQ%40mail.gmail.com <https://groups.google.com/d/msgid/django-users/CAHAc2jcETxAtMbHfnD1GQFVgWwR8ABOAy%3DjaRuhRW7mQhnOxeQ%40mail.gmail.com?utm_medium=email&utm_source=footer>.
-- We recommend signal.org Signed email is an absolute defence against phishing. This email has been signed with my private key. If you import my public key you can automatically decrypt my signature and be sure it came from me. Your email software can handle signing. -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/9c7c7294-08fd-4a6a-91de-e99ab27d4a61%40dewhirst.com.au.
OpenPGP_signature.asc
Description: OpenPGP digital signature
