|
|
@@ -172,8 +172,9 @@ iterations needs to be increased. We've chosen a reasonable default (and will
|
|
|
increase it with each release of Django), but you may wish to tune it up or
|
|
|
down, depending on your security needs and available processing power. To do so,
|
|
|
you'll subclass the appropriate algorithm and override the ``iterations``
|
|
|
-parameters. For example, to increase the number of iterations used by the
|
|
|
-default PBKDF2 algorithm:
|
|
|
+parameter (use the ``rounds`` parameter when subclassing a bcrypt hasher). For
|
|
|
+example, to increase the number of iterations used by the default PBKDF2
|
|
|
+algorithm:
|
|
|
|
|
|
#. Create a subclass of ``django.contrib.auth.hashers.PBKDF2PasswordHasher``::
|
|
|
|
|
|
@@ -201,6 +202,11 @@ default PBKDF2 algorithm:
|
|
|
That's it -- now your Django install will use more iterations when it
|
|
|
stores passwords using PBKDF2.
|
|
|
|
|
|
+.. note::
|
|
|
+
|
|
|
+ bcrypt ``rounds`` is a logarithmic work factor, e.g. 12 rounds means
|
|
|
+ ``2 ** 12`` iterations.
|
|
|
+
|
|
|
Argon2
|
|
|
~~~~~~
|
|
|
|
yyyyyyyan