  1. MusicBrainz Server
  2. MBS-9208

Increase bcrypt cost parameter


    Details

    • Type: Task
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2018-11-01
    • Component/s: Accounts
    • Labels:
      None
    • Size Estimate:
      House

      Description

      User passwords are stored encrypted via bcrypt (Blowfish). The cost parameter is still 10, as it was when introduced in 2013. Since computing power is ever increasing, we should use a higher cost parameter of at least 12 (four times the work); see an answer on Security.SE for more background.

      This will only affect new passwords (new account or changed password).
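Because the change applies only to newly set passwords, existing rows keep their old cost. The following is an added example (not MusicBrainz Server code and not part of the ticket) that reads the cost out of stored bcrypt hash strings to measure how many remain below the target; the function names and sample values are assumptions made for illustration.

```python
import re
from collections import Counter

# Modular crypt format: $2<variant>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"\$2[abxy]?\$([0-9]{2})\$[./A-Za-z0-9]{53}")

TARGET_COST = 12  # the minimum the ticket asks for


def bcrypt_cost(stored):
    """Return the cost encoded in a bcrypt hash string, or None if it is not one."""
    m = BCRYPT_RE.fullmatch(stored)
    if not m:
        return None
    cost = int(m.group(1))
    return cost if 4 <= cost <= 31 else None  # bcrypt only defines costs 4..31


def relative_work(old_cost, new_cost):
    """bcrypt performs 2**cost key-expansion rounds, so each +1 doubles the work."""
    return 2 ** (new_cost - old_cost)


def below_target(stored, target=TARGET_COST):
    """True when the stored value is not bcrypt or was hashed with a lower cost."""
    cost = bcrypt_cost(stored)
    return cost is None or cost < target


def audit(hashes, target=TARGET_COST):
    """Return (count per cost, number below target); non-bcrypt values count under None."""
    by_cost = Counter(bcrypt_cost(h) for h in hashes)
    return dict(by_cost), sum(1 for h in hashes if below_target(h, target))


# Constructed sample values (filler salt and digest, not real password hashes).
FILLER = "." * 53
SAMPLE = [
    "$2a$10$" + FILLER,   # set before the cost was raised
    "$2a$10$" + FILLER,
    "$2a$12$" + FILLER,   # set or changed after the cost was raised
    "not-a-bcrypt-hash",  # malformed value, reported separately
]

if __name__ == "__main__":
    print("work factor 10 -> 12:", relative_work(10, 12))
    print("audit:", audit(SAMPLE))
```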


              People

              Assignee:
              yvanzo yvanzo
              Reporter:
              chirlu Ulrich Klauer


                  Packages

                  Version Package
                  2018-11-01