Changes between Initial Version and Version 1 of Ticket #30472
- Timestamp:
- May 10, 2019, 5:38:25 AM (5 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #30472 – Description
initial v1 1 There were t woimportant changes in the upstream [https://github.com/hynek/argon2_cffi argon2-cffi] library since Django 1.10 was released with Argon2 support:1 There were three important changes in the upstream [https://github.com/hynek/argon2_cffi argon2-cffi] library since Django 1.10 was released with Argon2 support: 2 2 3 3 1. (Nov 10, 2016) argon2id support was added: https://github.com/hynek/argon2_cffi/commit/00120a9880a74a5aedb13ee343bf6ccd507bb2d8#diff-1efe26b4b54ac28232eaecb9107ee6ed 4 4 2. (Apr 9, 2018) argon2id became its default type: https://github.com/hynek/argon2_cffi/pull/34/files 5 3. (Aug 18, 2018) its hasher's default memory cost changed from 512 to 102400, and parallelism from 2 to 8, per [https://tools.ietf.org/html/draft-irtf-cfrg-argon2-04#section-4 RFC draft] recommendations: https://github.com/hynek/argon2_cffi/commit/1ec39f8dc7a140b68099549b799301113576bde2 5 6 6 When Django 1.10 was released, only argon2d and argon2i were available, hence the hard-coded argon2i variety in Argon2PasswordHasher. 7 When Django 1.10 was released, only argon2d and argon2i were available, hence the hard-coded argon2i variety in Argon2PasswordHasher. The memory_cost = 512 and parallelism = 2 were also copied from argon2-cffi at that time. 8 9 Now we should sync Django with upstream updates.