Implement `PBKDF2PrehashPasswordHasher` to prevent hashing time from depending on password length
|Reported by:||coolRR||Owned by:||nobody|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||yes|
See attached patch.
PBKDF2PrehashPasswordHasher is implemented. Now passwords are prehashed, and hashing time isn't influenced by password length, and the DoS attack vector is avoided.
(Patch needs some polish, I wasn't able to run tests, and docs need to be written.))
Change History (9)
comment:1 Changed 3 years ago by
|Patch needs improvement:||unset|