diff options
| author | Lunny Xiao <xiaolunwen@gmail.com> | 2021-02-14 01:03:29 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-02-13 18:03:29 +0100 |
| commit | 5e4fa7c703726cfc18ce8741a5d829173f3fec5c (patch) | |
| tree | f8e6f1965d04f5f39979a269f95d260b351a9b89 | |
| parent | ed834126a67aabbe027495d6a79fe415a4be7890 (diff) | |
| download | gitea-5e4fa7c703726cfc18ce8741a5d829173f3fec5c.tar.gz gitea-5e4fa7c703726cfc18ce8741a5d829173f3fec5c.zip | |
Turn default hash password algorightm back to pbkdf2 from argon2 until we found a better one (#14673)
* Turn default hash password algorightm back to pbkdf2 from argon2 until we found a better one
* Add a warning on document
| -rw-r--r-- | custom/conf/app.example.ini | 2 | ||||
| -rw-r--r-- | docs/content/doc/advanced/config-cheat-sheet.en-us.md | 2 | ||||
| -rw-r--r-- | modules/setting/setting.go | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini index 747173b5ae..276b3cb5e8 100644 --- a/custom/conf/app.example.ini +++ b/custom/conf/app.example.ini @@ -565,7 +565,7 @@ ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET = true ;Classes include "lower,upper,digit,spec" PASSWORD_COMPLEXITY = off ; Password Hash algorithm, either "argon2", "pbkdf2", "scrypt" or "bcrypt" -PASSWORD_HASH_ALGO = argon2 +PASSWORD_HASH_ALGO = pbkdf2 ; Set false to allow JavaScript to read CSRF cookie CSRF_COOKIE_HTTP_ONLY = true ; Validate against https://haveibeenpwned.com/Passwords to see if a password has been exposed diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md index b65f59ce0c..2c4d01102c 100644 --- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md +++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md @@ -401,7 +401,7 @@ relation to port exhaustion. - `IMPORT_LOCAL_PATHS`: **false**: Set to `false` to prevent all users (including admin) from importing local path on server. - `INTERNAL_TOKEN`: **\<random at every install if no uri set\>**: Secret used to validate communication within Gitea binary. - `INTERNAL_TOKEN_URI`: **<empty>**: Instead of defining internal token in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: `file:/etc/gitea/internal_token`) -- `PASSWORD_HASH_ALGO`: **argon2**: The hash algorithm to use \[argon2, pbkdf2, scrypt, bcrypt\]. +- `PASSWORD_HASH_ALGO`: **pbkdf2**: The hash algorithm to use \[argon2, pbkdf2, scrypt, bcrypt\], argon2 will spend more memory than others. - `CSRF_COOKIE_HTTP_ONLY`: **true**: Set false to allow JavaScript to read CSRF cookie. - `MIN_PASSWORD_LENGTH`: **6**: Minimum password length for new users. - `PASSWORD_COMPLEXITY`: **off**: Comma separated list of character classes required to pass minimum complexity. If left empty or no valid values are specified, checking is disabled (off): diff --git a/modules/setting/setting.go b/modules/setting/setting.go index 54ddb6937c..be7ec16e10 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -804,7 +804,7 @@ func NewContext() { DisableGitHooks = sec.Key("DISABLE_GIT_HOOKS").MustBool(true) DisableWebhooks = sec.Key("DISABLE_WEBHOOKS").MustBool(false) OnlyAllowPushIfGiteaEnvironmentSet = sec.Key("ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET").MustBool(true) - PasswordHashAlgo = sec.Key("PASSWORD_HASH_ALGO").MustString("argon2") + PasswordHashAlgo = sec.Key("PASSWORD_HASH_ALGO").MustString("pbkdf2") CSRFCookieHTTPOnly = sec.Key("CSRF_COOKIE_HTTP_ONLY").MustBool(true) PasswordCheckPwn = sec.Key("PASSWORD_CHECK_PWN").MustBool(false) |