# HG changeset patch
# User Kim Alvefur
# Date 1640533864 -3600
# Node ID 593e823566e18a5774e3a7bbf12db909ef529086
# Parent baa7cdde69a6c195414f75825ac9379e8bd8d7f2
mod_auth_internal_hashed: Up iteration count to 10000 per XEP-0438 More security for less pain than switching to SCRAM-SHA-256 The XEP will likely be change to reference the RFC that will probably come from draft-ietf-kitten-password-storage once it is ready, and then we should update to follow that.
diff -r baa7cdde69a6 -r 593e823566e1 doc/doap.xml
--- a/doc/doap.xml Sun Dec 26 16:37:50 2021 +0100
+++ b/doc/doap.xml Sun Dec 26 16:51:04 2021 +0100
@@ -787,6 +787,13 @@ + + 0.2.0 + partial + + + + 0.2.0 complete
diff -r baa7cdde69a6 -r 593e823566e1 plugins/mod_auth_internal_hashed.lua
--- a/plugins/mod_auth_internal_hashed.lua Sun Dec 26 16:37:50 2021 +0100
+++ b/plugins/mod_auth_internal_hashed.lua Sun Dec 26 16:51:04 2021 +0100
@@ -28,7 +28,7 @@
 local scram_name = "scram_"..hash_name:gsub("%-","_"):lower(); -- Default; can be set per-user
-local default_iteration_count = module:get_option_number("default_iteration_count", 4096);
+local default_iteration_count = module:get_option_number("default_iteration_count", 10000);
 -- define auth provider local provider = {};
diff -r baa7cdde69a6 -r 593e823566e1 util/sasl/scram.lua
--- a/util/sasl/scram.lua Sun Dec 26 16:37:50 2021 +0100
+++ b/util/sasl/scram.lua Sun Dec 26 16:51:04 2021 +0100
@@ -41,7 +41,7 @@
 'tls-unique' according to RFC 5929 ]]
-local default_i = 4096
+local default_i = 10000
 local function validate_username(username, _nodeprep) -- check for forbidden char sequences
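Review bot: The value read for `default_iteration_count` in plugins/mod_auth_internal_hashed.lua is accepted without a lower bound, so a stale or mistyped config entry can silently store new credentials with fewer iterations than the 4096 this commit moves away from. A check right after the read would surface that, for example `if default_iteration_count < 4096 then module:log("warn", "default_iteration_count is below 4096"); end`. The existing comment says the count can be set per-user, so presumably credentials already stored keep their old count until the password is next set; if the code outside this hunk confirms that, the comment could say so: `-- Default for newly stored credentials; existing accounts keep their stored count`.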
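Review bot: `local default_i = 10000` in util/sasl/scram.lua now repeats the literal used as the option default in mod_auth_internal_hashed.lua, and nothing ties the two together, so a later bump can update one file and miss the other. A comment on the constant would make the coupling visible, for example `-- Default SCRAM iteration count (XEP-0438); keep in sync with default_iteration_count in mod_auth_internal_hashed`. How `default_i` is consumed lies outside the hunk; if it is applied when keys are derived from a plaintext password during authentication, the higher count also raises the CPU cost of each login attempt, which operators with limits tuned to the old value would want mentioned in the release notes.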