Project

General

Profile

Actions

Feature #12962

closed

Improve default sha512 password hashing rounds

Added by Phil Wardt over 2 years ago. Updated over 2 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
Authentication
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default

Description

After this change: https://redmine.pfsense.org/issues/10298
The default encryption for passwords is sha512

However, by default, sha512 only does 5000 rounds of encryption which is very weak
Increase rounds to 800k to provide same bcrypt default 10 rounds password resilience

See: https://www.reddit.com/r/PFSENSE/comments/ssnp35/260_default_password_hashing_changed_from_bcrypt/

Git commit to fix the issue:

Actions #2

Updated by Jim Pingle over 2 years ago

  • Status changed from New to Duplicate
  • Assignee deleted (Jim Pingle)
  • Priority changed from Very High to Normal

Already covered by multiple other issues.

See: #12855, #12800, #12863

Actions

Also available in: Atom PDF