diff options
author | Mark Haines <mjark@negativecurvature.net> | 2015-10-16 17:05:21 +0100 |
---|---|---|
committer | Mark Haines <mjark@negativecurvature.net> | 2015-10-16 17:05:21 +0100 |
commit | b19b9535f6146a745e22b661fa5a94ab15887184 (patch) | |
tree | 4800b6821afcd711e694592e0943a8e7889f0705 /synapse | |
parent | Merge pull request #311 from matrix-org/markjh/postgres_fixes (diff) | |
parent | Add config for how many bcrypt rounds to use for password hashes (diff) | |
download | synapse-b19b9535f6146a745e22b661fa5a94ab15887184.tar.xz |
Merge pull request #310 from matrix-org/markjh/bcrypt_rounds
Add config for how many bcrypt rounds to use for password hashes
Diffstat (limited to 'synapse')
-rw-r--r-- | synapse/config/registration.py | 6 | ||||
-rw-r--r-- | synapse/handlers/auth.py | 3 |
2 files changed, 8 insertions, 1 deletions
diff --git a/synapse/config/registration.py b/synapse/config/registration.py index fa98eced34..f5ef36a9f4 100644 --- a/synapse/config/registration.py +++ b/synapse/config/registration.py @@ -33,6 +33,7 @@ class RegistrationConfig(Config): self.registration_shared_secret = config.get("registration_shared_secret") self.macaroon_secret_key = config.get("macaroon_secret_key") + self.bcrypt_rounds = config.get("bcrypt_rounds", 12) def default_config(self, **kwargs): registration_shared_secret = random_string_with_symbols(50) @@ -48,6 +49,11 @@ class RegistrationConfig(Config): registration_shared_secret: "%(registration_shared_secret)s" macaroon_secret_key: "%(macaroon_secret_key)s" + + # Set the number of bcrypt rounds used to generate password hash. + # Larger numbers increase the work factor needed to generate the hash. + # The default number of rounds is 12. + bcrypt_rounds: 12 """ % locals() def add_arguments(self, parser): diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py index 484f719253..055d395b20 100644 --- a/synapse/handlers/auth.py +++ b/synapse/handlers/auth.py @@ -44,6 +44,7 @@ class AuthHandler(BaseHandler): LoginType.EMAIL_IDENTITY: self._check_email_identity, LoginType.DUMMY: self._check_dummy_auth, } + self.bcrypt_rounds = hs.config.bcrypt_rounds self.sessions = {} @defer.inlineCallbacks @@ -432,7 +433,7 @@ class AuthHandler(BaseHandler): Returns: Hashed password (str). """ - return bcrypt.hashpw(password, bcrypt.gensalt()) + return bcrypt.hashpw(password, bcrypt.gensalt(self.bcrypt_rounds)) def validate_hash(self, password, stored_hash): """Validates that self.hash(password) == stored_hash. |