diff options
author | Florian Zschocke <florian.zschocke@devolo.de> | 2019-11-06 12:39:55 +0100 |
---|---|---|
committer | Florian Zschocke <florian.zschocke@devolo.de> | 2019-11-06 12:39:55 +0100 |
commit | 719afbacd0b0e5333bbb72953a9df9d876b3ea33 (patch) | |
tree | aec9cd23760a20b40f02b942a2fe4b497b9a1b3c /src/main/distrib | |
parent | 41e6a701953c6f3ec0c4b2375426e4205a1c6a00 (diff) | |
parent | b85267c81bac8168186ec78dace3ef2ec6b8cf24 (diff) | |
download | gitblit-719afbacd0b0e5333bbb72953a9df9d876b3ea33.tar.gz gitblit-719afbacd0b0e5333bbb72953a9df9d876b3ea33.zip |
Merge branch 'pingunaut-1166_more_secure_password_hashes' into master.
Diffstat (limited to 'src/main/distrib')
-rw-r--r-- | src/main/distrib/data/defaults.properties | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/main/distrib/data/defaults.properties b/src/main/distrib/data/defaults.properties index 92d7456d..5dea6a0a 100644 --- a/src/main/distrib/data/defaults.properties +++ b/src/main/distrib/data/defaults.properties @@ -869,12 +869,14 @@ realm.userService = ${baseFolder}/users.conf realm.authenticationProviders = # How to store passwords. -# Valid values are plain, md5, or combined-md5. md5 is the hash of password. +# Valid values are plain, md5, combined-md5 or pbkdf2. +# md5 is the hash of password. # combined-md5 is the hash of username.toLowerCase()+password. -# Default is md5. +# pbkdf2 implements the PBKDF2 algorithm, which is a secure, salted password hashing scheme. +# Default is pbkdf2. Using plain, md5 or combined-md5 is deprecated, as these are insecure schemes by now. # # SINCE 0.5.0 -realm.passwordStorage = md5 +realm.passwordStorage = pbkdf2 # Minimum valid length for a plain text password. # Default value is 5. Absolute minimum is 4. |