Changes between Initial Version and Version 1 of Ticket #21105, comment 4
Timestamp: Sep 16, 2013, 11:56:16 PM (11 years ago)
The point of PBKDF-2 is key-stretching. That is, to make it at least some configurable difficulty level to calculate. It does this by passing multiple rounds of a derivation function which is currently sha256. (https://github.com/django/django/blob/master/django/utils/crypto.py#L136)

Initial version: There are many places in this function that would be sensitive to input length (such as the force_bytes call) but I have two comments regarding that:

Version 1: There are many places in this function that would be sensitive to input length (such as the force_bytes call) but I have some comments regarding that:

- I'm not convinced we should be trying to make the hasher work in constant time given any input. Ideally, its goal is to ensure a minimum time/memory/computational cost. I think maybe it would be better to have the caller responsible to prevent overly long input from going in.
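An added example, not part of the ticket comment and not Django's code, of the two ideas in the comment above: PBKDF2 repeating an HMAC-SHA256 round `iterations` times, and the caller capping input length before the hasher runs. The names `pbkdf2_sha256`, `hash_password` and `MAX_PASSWORD_BYTES`, and the 4096-byte limit, are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed caller-side limit for this example; not a Django setting.
MAX_PASSWORD_BYTES = 4096


def pbkdf2_sha256(password: bytes, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 (RFC 2898), first 32-byte output block only."""
    # Key the HMAC once and copy it for every round. A password longer than
    # the 64-byte SHA-256 block is reduced to its digest here, one time,
    # rather than being re-hashed in each iteration.
    keyed = hmac.new(password, digestmod=hashlib.sha256)

    def prf(data: bytes) -> bytes:
        mac = keyed.copy()
        mac.update(data)
        return mac.digest()

    # U_1 = PRF(password, salt || INT(1)); U_n = PRF(password, U_{n-1})
    u = prf(salt + (1).to_bytes(4, "big"))
    block = int.from_bytes(u, "big")
    for _ in range(iterations - 1):
        u = prf(u)
        block ^= int.from_bytes(u, "big")  # T_1 = U_1 xor U_2 xor ... xor U_c
    return block.to_bytes(32, "big")


def hash_password(password: str, salt: bytes, iterations: int = 10000) -> bytes:
    """Caller-side guard: reject oversized input before any stretching."""
    raw = password.encode("utf-8")
    if len(raw) > MAX_PASSWORD_BYTES:
        raise ValueError("password exceeds %d bytes" % MAX_PASSWORD_BYTES)
    return pbkdf2_sha256(raw, salt, iterations)


if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample value
    print(hash_password("correct horse battery staple", salt).hex())
    try:
        hash_password("A" * (MAX_PASSWORD_BYTES + 1), salt)
    except ValueError as exc:
        print("rejected:", exc)
```

With the length check in the caller, the cost of the hasher is governed by `iterations` alone, which is the minimum-cost property the comment describes.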