From 7cf3abc850ca3cd335203a5654d801e58a2cc816 Mon Sep 17 00:00:00 2001
From: Blake Blackshear
Date: Thu, 9 May 2024 06:22:51 -0500
Subject: [PATCH] set hash iterations to current OWASP recommendation

---
 frigate/api/auth.py | 2 +-
 frigate/config.py | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/frigate/api/auth.py b/frigate/api/auth.py
index 5513e3ef7..7e493da22 100644
--- a/frigate/api/auth.py
+++ b/frigate/api/auth.py
@@ -87,7 +87,7 @@ def get_jwt_secret() -> str:
     return jwt_secret
 
 
-def hash_password(password, salt=None, iterations=260000):
+def hash_password(password, salt=None, iterations=600000):
     if salt is None:
         salt = secrets.token_hex(16)
     assert salt and isinstance(salt, str) and "$" not in salt
diff --git a/frigate/config.py b/frigate/config.py
index c89447242..f7546d070 100644
--- a/frigate/config.py
+++ b/frigate/config.py
@@ -140,7 +140,8 @@ class AuthConfig(FrigateBaseModel):
         default="1/second;5/minute;20/hour",
         title="Rate limits for failed login attempts.",
     )
-    users: Optional[List[UserConfig]] = Field(default=[], title="Users")
+    # As of Feb 2023, OWASP recommends 600000 iterations for PBKDF2-SHA256
+    hash_iterations: int = Field(default=600000, title="Password hash iterations")
 
 
 class StatsConfig(FrigateBaseModel):
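Review bot: The salt validation on the last line of this hunk is an `assert`, which is stripped when Python runs with `-O`, so a caller-supplied salt containing `$` would then pass straight into the encoded hash (the `"$" not in salt` check suggests a `$`-separated storage format, so that would corrupt it); replace it with `if not salt or not isinstance(salt, str) or "$" in salt:` followed by `raise ValueError("salt must be a non-empty str without '$'")`. The new default of 600000 only applies to hashes created from now on; if the stored format carries the iteration count, existing 260000-iteration hashes will keep verifying at the old cost until the user changes their password, so consider rehashing on successful login when the stored count is below the current default — I cannot see the verify path from this hunk, so treat that as an inference. Note also that this literal duplicates the `hash_iterations` default added in config.py; the caller should pass the configured value rather than rely on two separate constants staying in sync. The body of `hash_password` continues past the end of the hunk.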
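Review bot: The new `hash_iterations` field accepts any int, so a config typo or a deliberately low value such as `1` silently weakens every password hash created afterwards; add a floor in the field, e.g. `hash_iterations: int = Field(default=600000, ge=100000, title="Password hash iterations")`, with the exact minimum chosen by the project. This hunk also removes the `users: Optional[List[UserConfig]]` field from `AuthConfig`, which the commit message ("set hash iterations") does not mention; if anything still reads `config.auth.users` that will break at import or validation time, so either keep the field alongside `hash_iterations` or state in the message where users are now configured. The `AuthConfig` class starts before the hunk, so I cannot see whether other fields depend on `users`.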