Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed #35428 -- Increased parallelism parameter for the ScryptPasswordHasher. #18157

Merged
merged 1 commit into from May 17, 2024
Merged

Fixed #35428 -- Increased parallelism parameter for the ScryptPasswordHasher. #18157

merged 1 commit into from May 17, 2024

Conversation

saJaeHyukc
Copy link
Contributor

Trac ticket number

ticket-35428

Branch description

I modified the parallelism value of the ScriptPasswordHasher to the value recommended by OAWSP. For other options, increasing N=2^x would exceed the specified limited memory, so I did not want to increase the parameters of maxmem, so I only increased the parallelism value.

I think the best value is this option.
N=2^14 (16 MiB), r=8 (1024 bytes), p=5

Checklist

  • This PR targets the main branch.
  • The commit message is written in past tense, mentions the ticket number, and ends with a period.
  • I have checked the "Has patch" ticket flag in the Trac system.
  • I have added or updated relevant tests.
  • I have added or updated relevant docs, including release notes if applicable.
  • I have attached screenshots in both light and dark modes for any UI changes.

@felixxm felixxm changed the title Refs #35428 -- Increased the parallelism parameter value for the ScryptPasswordHasher Fixed #35428 -- Increased parallelism parameter for the ScryptPasswordHasher. May 10, 2024
@saJaeHyukc saJaeHyukc force-pushed the issue-35428 branch 2 times, most recently from 50164a0 to 1ab5972 Compare May 11, 2024 03:52
@adamchainz
Copy link
Sponsor Member

The release note should be for 5.1, as this won't be backported, and should not be described as a bug fix, as this is a security hardening.

@saJaeHyukc saJaeHyukc force-pushed the issue-35428 branch 2 times, most recently from 5cd1a94 to 8a46ad8 Compare May 11, 2024 10:32
@saJaeHyukc
Copy link
Contributor Author

The release note should be for 5.1, as this won't be backported, and should not be described as a bug fix, as this is a security hardening.

Thank you for letting me know :)

felixxm
felixxm reviewed May 11, 2024
View reviewed changes
docs/releases/5.1.txt Outdated Show resolved Hide resolved
@saJaeHyukc saJaeHyukc force-pushed the issue-35428 branch 2 times, most recently from 8f55029 to 3028fa7 Compare May 11, 2024 18:33
sarahboyce
sarahboyce approved these changes May 16, 2024
View reviewed changes
Copy link
Contributor

@sarahboyce sarahboyce left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @saJaeHyukc 👍

@sarahboyce sarahboyce merged commit 8f205ac into django:main May 17, 2024
35 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@felixxm felixxm felixxm left review comments

@adamchainz adamchainz adamchainz approved these changes

@sarahboyce sarahboyce sarahboyce approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@saJaeHyukc @adamchainz @felixxm @sarahboyce