diff options
| author | Jack Lloyd <[email protected]> | 2018-07-13 21:24:55 -0400 |
|---|---|---|
| committer | Jack Lloyd <[email protected]> | 2018-07-13 21:24:55 -0400 |
| commit | f05cd9faf4140c38bbb10758fc010843b6bdead3 (patch) | |
| tree | 67220e816e9a737661663991f1fcd1c4a66d0632 /news.rst | |
| parent | 3e616dd02b7858865c4b8312312b6f66a96f4d33 (diff) | |
Update password hashing default settings
Bcrypt work factor 10 is looking pretty low these days, as is 100K
iterations of PBKDF2. Increase bcrypt to 12 and PBKDF2 to 150K,
and also transition passhash9 to using SHA-512 instead of SHA-256.
Also document bcrypt better, and add speed tests for bcrypt and passhash9
Diffstat (limited to 'news.rst')
| -rw-r--r-- | news.rst | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -6,6 +6,13 @@ Version 2.8.0, Not Yet Released * Add support for using the ARMv8 instructions for SM4 encryption (GH #1622) +* The default bcrypt work factor has been increased from 10 to 12. + +* The default algorithm used in passhash9 has changed from SHA-256 to SHA-512, + and the default work factor increased from 10 to 15. + +* Add functions to use FE1 format perserving encryption in FF (GH #1625) + * Avoid a cache side channel in the AES key schedule * Add functions to load and save RSA keys in PKCS #1 format to FFI (GH #1621) |