Mailing-List: contact commits-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@couchdb.apache.org
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: rnewson@apache.org
To: commits@couchdb.apache.org
Subject: [1/2] git commit: bump default work factor to 10,000
Message-Id: <20120321212502.93D898552@tyr.zones.apache.org>
Date: Wed, 21 Mar 2012 21:25:02 +0000 (UTC)

Updated Branches:
  refs/heads/COUCHDB-1060-strong-password-hash 77a7d8096 -> 912d3c61c


bump default work factor to 10,000


Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/912d3c61
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/912d3c61
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/912d3c61

Branch: refs/heads/COUCHDB-1060-strong-password-hash
Commit: 912d3c61cad3a9b217104d472b25314fe63581a7
Parents: adb4c98
Author: Robert Newson <rnewson@apache.org>
Authored: Tue Mar 20 14:49:15 2012 +0000
Committer: Robert Newson <rnewson@apache.org>
Committed: Tue Mar 20 14:49:15 2012 +0000

----------------------------------------------------------------------
 etc/couchdb/default.ini.tpl.in   |    2 +-
 src/couchdb/couch_httpd_auth.erl |    2 +-
 src/couchdb/couch_server.erl     |    2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb/blob/912d3c61/etc/couchdb/default.ini.tpl.in
----------------------------------------------------------------------
diff --git a/etc/couchdb/default.ini.tpl.in b/etc/couchdb/default.ini.tpl.in
index 6931c97..ce84905 100644
--- a/etc/couchdb/default.ini.tpl.in
+++ b/etc/couchdb/default.ini.tpl.in
@@ -65,7 +65,7 @@ require_valid_user = false
 timeout = 600 ; number of seconds before automatic logout
 auth_cache_size = 50 ; size is number of cache entries
 allow_persistent_cookies = false ; set to true to allow persistent cookies
-iterations = 1000 ; iterations for password hashing
+iterations = 10000 ; iterations for password hashing
 
 [couch_httpd_oauth]
 ; If set to 'true', oauth token and consumer secrets will be looked up

http://git-wip-us.apache.org/repos/asf/couchdb/blob/912d3c61/src/couchdb/couch_httpd_auth.erl
----------------------------------------------------------------------
diff --git a/src/couchdb/couch_httpd_auth.erl b/src/couchdb/couch_httpd_auth.erl
index 02ed8c1..0b4ba8f 100644
--- a/src/couchdb/couch_httpd_auth.erl
+++ b/src/couchdb/couch_httpd_auth.erl
@@ -344,7 +344,7 @@ authenticate(Pass, UserProps) ->
             {couch_passwords:simple(Pass, UserSalt),
             couch_util:get_value(<<"password_sha">>, UserProps, nil)};
         <<"pbkdf2">> ->
-            Iterations = couch_util:get_value(<<"iterations">>, UserProps, 1000),
+            Iterations = couch_util:get_value(<<"iterations">>, UserProps, 10000),
             {couch_passwords:pbkdf2(Pass, UserSalt, Iterations),
              couch_util:get_value(<<"derived_key">>, UserProps, nil)}
     end,

http://git-wip-us.apache.org/repos/asf/couchdb/blob/912d3c61/src/couchdb/couch_server.erl
----------------------------------------------------------------------
diff --git a/src/couchdb/couch_server.erl b/src/couchdb/couch_server.erl
index 7e9aa05..cf66b86 100644
--- a/src/couchdb/couch_server.erl
+++ b/src/couchdb/couch_server.erl
@@ -129,7 +129,7 @@ hash_admin_passwords() ->
     hash_admin_passwords(true).
 
 hash_admin_passwords(Persist) ->
-    Iterations = couch_config:get("couch_httpd_auth", "iterations", "1000"),
+    Iterations = couch_config:get("couch_httpd_auth", "iterations", "10000"),
     lists:foreach(
         fun({_User, "-hashed-" ++ _}) ->
             ok; % already hashed