Allow hashers to side-grade hashes across cost settings
Closed, Public

Authored by epriestley on Feb 18 2014, 7:57 PM.
Details

Summary

Ref T4443. In addition to performing upgrades from, e.g., md5 -> bcrypt, also allow sidegrades from, e.g., bcrypt(cost=11) to bcrypt(cost=12). This allows us to, for example, bump the cost function every 18 months and stay on par with Moore's law, on average.

I'm also allowing "upgrades" which technically reduce cost, but this seems like the right thing to do (i.e., generally migrate password storage so it's all uniform, on average).

Test Plan
  • Fiddled the bcrypt cost function and saw appropriate upgrade UI, and upgraded passwords upon password change.
  • Passwords still worked.
  • Around cost=13 or 14 things start getting noticeably slow, so bcrypt does actually work. Such wow.

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped
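
The side-grade check described in the summary, as an added example using PHP's built-in password API; it is not Phabricator's hasher code. The names `verify_and_sidegrade`, `bcrypt_cost` and `TARGET_COST` are hypothetical, the sample hashes are constructed, and the rehash is done at verification time because the plaintext is available there, whereas the test plan above describes upgrading upon password change.

```php
<?php
// Added example, not Phabricator's hasher code. Assumes PHP 7.1 or later.
const TARGET_COST = 12; // assumed current policy value

/**
 * Check a password against a stored bcrypt hash and, when the stored cost
 * differs from the policy cost in either direction, produce a replacement.
 * Returns [bool $verified, ?string $replacementHash].
 */
function verify_and_sidegrade(string $password, string $stored,
                              int $targetCost = TARGET_COST): array {
    // Verification always uses the parameters embedded in the stored hash.
    if (!password_verify($password, $stored)) {
        return [false, null]; // never rehash on a failed check
    }
    // True when the algorithm or cost differs from the target, so a
    // cost=13 hash is migrated down to 12 as well as cost=11 up to 12.
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => $targetCost])) {
        $new = password_hash($password, PASSWORD_BCRYPT, ['cost' => $targetCost]);
        return [true, $new];
    }
    return [true, null];
}

function bcrypt_cost(string $hash): int {
    return password_get_info($hash)['options']['cost'];
}

// Constructed sample records: one password stored under three cost settings.
$stored = [];
foreach ([11, 12, 13] as $cost) {
    $stored[$cost] = password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => $cost]);
}

foreach ($stored as $cost => $hash) {
    [$ok, $replacement] = verify_and_sidegrade('correct horse', $hash);
    $after = $replacement === null ? $cost : bcrypt_cost($replacement);
    printf("stored cost=%d verified=%s cost after=%d rehashed=%s\n",
        $cost, var_export($ok, true), $after,
        var_export($replacement !== null, true));
}

// A wrong password must leave the stored hash untouched.
[$ok, $replacement] = verify_and_sidegrade('wrong guess', $stored[11]);
printf("wrong password verified=%s rehashed=%s\n",
    var_export($ok, true), var_export($replacement !== null, true));
```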