FEATURE: Increase pbkdf2 iterations to 600k (#20981)

Existing passwords will continue to work. Hashes will be regenerates on a user's next login.
2025-06-04 10:24:39 +08:00 · 2023-04-11 11:56:20 +01:00
parent 352bd35bf6
commit ba5b035f6e
2 changed files with 2 additions and 5 deletions
--- a/config/application.rb
+++ b/config/application.rb
@ -144,7 +144,7 @@ module Discourse
    config.active_record.use_schema_cache_dump = false

    # per https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
-    config.pbkdf2_iterations = 64_000
+    config.pbkdf2_iterations = 600_000
    config.pbkdf2_algorithm = "sha256"

    # rack lock is nothing but trouble, get rid of it