set hash iterations to current OWASP recommendation

2026-02-11 05:35:25 +03:00 · 2024-05-09 06:22:51 -05:00 · 2024-05-09 06:22:51 -05:00 · 7cf3abc850
commit 7cf3abc850
parent aa1d02de09
2 changed files with 3 additions and 2 deletions
--- a/frigate/api/auth.py
+++ b/frigate/api/auth.py
@ -87,7 +87,7 @@ def get_jwt_secret() -> str:
    return jwt_secret


-def hash_password(password, salt=None, iterations=260000):
+def hash_password(password, salt=None, iterations=600000):
    if salt is None:
        salt = secrets.token_hex(16)
    assert salt and isinstance(salt, str) and "$" not in salt
--- a/frigate/config.py
+++ b/frigate/config.py
@ -140,7 +140,8 @@ class AuthConfig(FrigateBaseModel):
        default="1/second;5/minute;20/hour",
        title="Rate limits for failed login attempts.",
    )
-    users: Optional[List[UserConfig]] = Field(default=[], title="Users")
+    # As of Feb 2023, OWASP recommends 600000 iterations for PBKDF2-SHA256
+    hash_iterations: int = Field(default=600000, title="Password hash iterations")


 class StatsConfig(FrigateBaseModel):