Bump CREDENTIAL_ROUNDS to 13

2025-10-30 17:47:55 +00:00 · 2025-02-09 17:18:47 +01:00
parent aecbd4632d
commit fc4225b330
3 changed files with 3 additions and 2 deletions
--- a/core/admin/mailu/configuration.py
+++ b/core/admin/mailu/configuration.py
@@ -83,7 +83,7 @@ DEFAULT_CONFIG = {
    'SESSION_TIMEOUT': 3600,
    'PERMANENT_SESSION_LIFETIME': 30*24*3600,
    'SESSION_COOKIE_SECURE': None,
-    'CREDENTIAL_ROUNDS': 12,
+    'CREDENTIAL_ROUNDS': 13,
    'TLS_PERMISSIVE': True,
    'TZ': 'Etc/UTC',
    'DEFAULT_SPAM_THRESHOLD': 80,
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@@ -221,7 +221,7 @@ The minimum length is 3 characters.
 This token must be passed as request header to the API as authentication token.
 This is a mandatory setting for using the RESTful API.

-The ``CREDENTIAL_ROUNDS`` (default: 12) setting is the number of rounds used by the
+The ``CREDENTIAL_ROUNDS`` (default: 13) setting is the number of rounds used by the
 password hashing scheme. The number of rounds can be reduced in case faster
 authentication is needed or increased when additional protection is desired.
 Keep in mind that this is a mitigation against offline attacks on password hashes,
--- a/towncrier/newsfragments/1753.feature
+++ b/towncrier/newsfragments/1753.feature
@@ -0,0 +1 @@
+Bump CREDENTIAL_ROUNDS to 13. If your system is too slow you may want to revert back to 12.
				`@@ -0,0 +1 @@`
				`Bump CREDENTIAL_ROUNDS to 13. If your system is too slow you may want to revert back to 12.`