Page MenuHomePhabricator

Allow hashers to side-grade hashes across cost settings
ClosedPublic

Authored by epriestley on Feb 18 2014, 7:57 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Dec 5, 11:16 AM
Unknown Object (File)
Thu, Dec 5, 7:50 AM
Unknown Object (File)
Thu, Dec 5, 7:45 AM
Unknown Object (File)
Fri, Nov 29, 10:02 PM
Unknown Object (File)
Nov 26 2024, 7:42 AM
Unknown Object (File)
Nov 24 2024, 1:19 AM
Unknown Object (File)
Nov 20 2024, 10:23 AM
Unknown Object (File)
Nov 4 2024, 4:45 PM
Subscribers

Details

Summary

Ref T4443. In addition to performing upgrades from, e.g., md5 -> bcrypt, also allow sidegrades from, e.g., bcrypt(cost=11) to bcrypt(cost=12). This allows us to, for example, bump the cost function every 18 months and stay on par with Moore's law, on average.

I'm also allowing "upgrades" which technically reduce cost, but this seems like the right thing to do (i.e., generally migrate password storage so it's all uniform, on average).

Test Plan
  • Fiddled the bcrypt cost function and saw appropriate upgrade UI, and upgraded passwords upon password change.
  • Passwords still worked.
  • Around cost=13 or 14 things start getting noticibly slow, so bcrypt does actually work. Such wow.

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped