prosody
593e823566e1
plugins/mod_auth_internal_hashed.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Comparison

plugins/mod_auth_internal_hashed.lua @ 12128:593e823566e1

mod_auth_internal_hashed: Up iteration count to 10000 per XEP-0438 More security for less pain than switching to SCRAM-SHA-256 The XEP will likely be change to reference the RFC that will probably come from draft-ietf-kitten-password-storage once it is ready, and then we should update to follow that.
author Kim Alvefur <zash@zash.se>
date Sun, 26 Dec 2021 16:51:04 +0100
parent 12127:baa7cdde69a6
child 12355:a0ff5c438e9d
comparison
equal deleted inserted replaced
12127:baa7cdde69a6 12128:593e823566e1
26 local hash_name = module:get_option_string("password_hash", "SHA-1"); 26 local hash_name = module:get_option_string("password_hash", "SHA-1");
27 local get_auth_db = assert(scram_hashers[hash_name], "SCRAM-"..hash_name.." not supported by SASL library"); 27 local get_auth_db = assert(scram_hashers[hash_name], "SCRAM-"..hash_name.." not supported by SASL library");
28 local scram_name = "scram_"..hash_name:gsub("%-","_"):lower(); 28 local scram_name = "scram_"..hash_name:gsub("%-","_"):lower();
29 29
30 -- Default; can be set per-user 30 -- Default; can be set per-user
31 local default_iteration_count = module:get_option_number("default_iteration_count", 4096); 31 local default_iteration_count = module:get_option_number("default_iteration_count", 10000);
32 32
33 -- define auth provider 33 -- define auth provider
34 local provider = {}; 34 local provider = {};
35 35
36 function provider.test_password(username, password) 36 function provider.test_password(username, password)