1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-10 00:42:41 +01:00
No description
Find a file
epriestley 5c84aac908 Allow hashers to side-grade hashes across cost settings
Summary:
Ref T4443. In addition to performing upgrades from, e.g., md5 -> bcrypt, also allow sidegrades from, e.g., bcrypt(cost=11) to bcrypt(cost=12). This allows us to, for example, bump the cost function every 18 months and stay on par with Moore's law, on average.

I'm also allowing "upgrades" which technically reduce cost, but this seems like the right thing to do (i.e., generally migrate password storage so it's all uniform, on average).

Test Plan:
  - Fiddled the bcrypt cost function and saw appropriate upgrade UI, and upgraded passwords upon password change.
  - Passwords still worked.
  - Around cost=13 or 14 things start getting noticibly slow, so bcrypt does actually work. Such wow.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T4443

Differential Revision: https://secure.phabricator.com/D8271
2014-02-18 14:09:36 -08:00
bin Write a very basic string extractor 2014-02-05 11:02:41 -08:00
conf Remove tokenizer.ondemand, and always load on demand 2014-02-14 10:24:40 -08:00
externals Add a common password blacklist 2014-01-23 14:01:18 -08:00
resources Provide more storage space for password hashes and migrate existing hashes to "md5:" 2014-02-18 14:09:36 -08:00
scripts Add ButtonBar icons 2014-02-09 10:22:12 -08:00
src Allow hashers to side-grade hashes across cost settings 2014-02-18 14:09:36 -08:00
support Break Aphlict's flash policy server into a separate class 2014-02-17 16:01:09 -08:00
webroot Break some of Aphlict into reasonable classes with sensible responsibilities 2014-02-17 16:00:51 -08:00
.arcconfig Use JsShrink if jsxmin is not available 2013-05-18 17:04:22 -07:00
.divinerconfig Centralize rendering of application mail bodies 2012-07-16 19:01:43 -07:00
.editorconfig Specify config for text editors 2012-11-03 22:34:44 -07:00
.gitignore Drive all Celerity operations from the new map 2013-12-31 18:04:25 -08:00
LICENSE Delete license headers from files 2012-11-05 11:16:51 -08:00
NOTICE Increment year. 2013-01-03 05:45:08 -08:00
README Modernize README 2014-01-24 12:28:54 -08:00

Phabricator is an open source collection of web applications which help
software companies build better software.

Phabricator includes applications for:

  - reviewing and auditing source code;
  - hosting and browsing repositories;
  - assembling a party to venture forth;
  - tracking bugs;
  - hiding stuff from coworkers; and
  - also some other things.

You can learn more about the project (and find links to documentation and
resources) here:

  http://phabricator.org/

Phabricator is developed and maintained by Phacility. The first version of
Phabricator was originally built at Facebook.

LICENSE

Phabricator is released under the Apache 2.0 license except as otherwise noted.