Reduce cost factor for hashing passwords

* Also reduce memory cost
2016-05-19 20:24:22 -07:00
parent b70363e005
commit a3f0a78df0
2 changed files with 2 additions and 2 deletions
--- a/lib/hashing_passwords.py
+++ b/lib/hashing_passwords.py
@@ -32,7 +32,7 @@ HASH_FUNCTION = 'sha256'  # Must be in hashlib.
 # Linear to the hashing time. Adjust to be high but take a reasonable
 # amount of time on your server. Measure with:
 # python -m timeit -s 'import passwords as p' 'p.make_hash("something")'
-COST_FACTOR = 29000
+COST_FACTOR = 10000


 def make_hash(password):
--- a/lib/pbkdf2.py
+++ b/lib/pbkdf2.py
@@ -72,7 +72,7 @@ def pbkdf2_bin(data, salt, iterations=1000, keylen=24, hashfunc=None):
        rv = u = _pseudorandom(salt + _pack_int(block))
        for i in xrange(iterations - 1):
            u = _pseudorandom(''.join(map(chr, u)))
-            rv = starmap(xor, izip(rv, u))
+            rv = list(starmap(xor, izip(rv, u)))
        buf.extend(rv)
    return ''.join(map(chr, buf))[:keylen]