From 2431100c8b0d5144f5a9295e7913afc2fef078fc Mon Sep 17 00:00:00 2001 From: mrkkrp Date: Thu, 3 Dec 2015 00:08:40 +0600 Subject: [PATCH 1/2] Fix a typo --- yesod-auth/Yesod/PasswordStore.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/yesod-auth/Yesod/PasswordStore.hs b/yesod-auth/Yesod/PasswordStore.hs index 11c18f08..2bcfc503 100755 --- a/yesod-auth/Yesod/PasswordStore.hs +++ b/yesod-auth/Yesod/PasswordStore.hs @@ -38,7 +38,7 @@ -- > >>> makePassword "hunter2" 14 -- > "sha256|14|Zo4LdZGrv/HYNAUG3q8WcA==|zKjbHZoTpuPLp1lh6ATolWGIKjhXvY4TysuKvqtNFyk=" -- --- This will hash the password @\"hunter2\"@, with strength 12, which is a good +-- This will hash the password @\"hunter2\"@, with strength 14, which is a good -- default value. The strength here determines how long the hashing will -- take. When doing the hashing, we iterate the SHA256 hash function -- @2^strength@ times, so increasing the strength by 1 makes the hashing take From 1976e90be9df74728af3047e88aac0e70d64a798 Mon Sep 17 00:00:00 2001 From: mrkkrp Date: Thu, 3 Dec 2015 00:08:51 +0600 Subject: [PATCH 2/2] Bump password strength to compensate 2 years Computers are now faster than in 2013. --- yesod-auth/Yesod/Auth/Email.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/yesod-auth/Yesod/Auth/Email.hs b/yesod-auth/Yesod/Auth/Email.hs index 441d57fe..1b94c411 100644 --- a/yesod-auth/Yesod/Auth/Email.hs +++ b/yesod-auth/Yesod/Auth/Email.hs @@ -549,7 +549,7 @@ saltLength = 5 -- | Salt a password with a randomly generated salt. saltPass :: Text -> IO Text saltPass = fmap (decodeUtf8With lenientDecode) - . flip PS.makePassword 14 + . flip PS.makePassword 16 . encodeUtf8 saltPass' :: String -> String -> String