michael.heier/jellyfin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Increase password hash iterations

Browse Source 
It has been a while since this was last updated: https://github.com/jellyfin/jellyfin/pull/6818
Recommendations have changed since: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2
This commit is contained in:
Bond_009 2024-08-30 19:26:48 +02:00
parent 7207749044
commit e69e097e19
2 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Jellyfin.Server.Implementations/Users/DefaultAuthenticationProvider.cs
View File

@ -1,9 +1,11 @@
using System; using System;
using System.Diagnostics.CodeAnalysis; using System.Diagnostics.CodeAnalysis;
using System.Globalization;
using System.Threading.Tasks; using System.Threading.Tasks;
using Jellyfin.Data.Entities; using Jellyfin.Data.Entities;
using MediaBrowser.Controller.Authentication; using MediaBrowser.Controller.Authentication;
using MediaBrowser.Model.Cryptography; using MediaBrowser.Model.Cryptography;
using Microsoft.Extensions.Logging;
namespace Jellyfin.Server.Implementations.Users namespace Jellyfin.Server.Implementations.Users
{ {
@ -12,14 +14,17 @@ namespace Jellyfin.Server.Implementations.Users
/// </summary> /// </summary>
public class DefaultAuthenticationProvider : IAuthenticationProvider, IRequiresResolvedUser public class DefaultAuthenticationProvider : IAuthenticationProvider, IRequiresResolvedUser
{ {
private readonly ILogger<DefaultAuthenticationProvider> _logger;
private readonly ICryptoProvider _cryptographyProvider; private readonly ICryptoProvider _cryptographyProvider;
/// <summary> /// <summary>
/// Initializes a new instance of the <see cref="DefaultAuthenticationProvider"/> class. /// Initializes a new instance of the <see cref="DefaultAuthenticationProvider"/> class.
/// </summary> /// </summary>
/// <param name="logger">The logger.</param>
/// <param name="cryptographyProvider">The cryptography provider.</param> /// <param name="cryptographyProvider">The cryptography provider.</param>
public DefaultAuthenticationProvider(ICryptoProvider cryptographyProvider) public DefaultAuthenticationProvider(ILogger<DefaultAuthenticationProvider> logger, ICryptoProvider cryptographyProvider)
{ {
_logger = logger;
_cryptographyProvider = cryptographyProvider; _cryptographyProvider = cryptographyProvider;
} }
@ -75,8 +80,10 @@ namespace Jellyfin.Server.Implementations.Users
} }
// Migrate old hashes to the new default // Migrate old hashes to the new default
if (!string.Equals(readyHash.Id, _cryptographyProvider.DefaultHashMethod, StringComparison.Ordinal)) if (!string.Equals(readyHash.Id, _cryptographyProvider.DefaultHashMethod, StringComparison.Ordinal)
|| int.Parse(readyHash.Parameters["iterations"], CultureInfo.InvariantCulture) != Constants.DefaultIterations)
{ {
_logger.LogInformation("Migrating password hash of {User} to the latest default", username);
ChangePassword(resolvedUser, password); ChangePassword(resolvedUser, password);
} }

2
MediaBrowser.Model/Cryptography/Constants.cs
View File

@ -18,6 +18,6 @@ namespace MediaBrowser.Model.Cryptography
/// <summary> /// <summary>
/// The default amount of iterations for hashing passwords. /// The default amount of iterations for hashing passwords.
/// </summary> /// </summary>
public const int DefaultIterations = 120000; public const int DefaultIterations = 210000;
} }
} }