[tokkee]

tokkee.org

Code

projects / roundup.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
more verbose description of password hashing, thanks to Eli Collins
[roundup.git] / roundup / configuration.py
diff --git a/roundup/configuration.py b/roundup/configuration.py
index aa5ab850556f8f9d6167be86a6048ebf1973d09f..ab43ca5f3f7a62f81392e2bf636b537ba716feda 100644 (file)
--- a/roundup/configuration.py
+++ b/roundup/configuration.py
@@ -540,7 +540,19 @@ SETTINGS = (
         (IntegerNumberOption, 'password_pbkdf2_default_rounds', '10000',
             "Sets the default number of rounds used when encoding passwords\n"
             "using the PBKDF2 scheme. Set this to a higher value on faster\n"
-            "systems which want more security."),
+            "systems which want more security.\n"
+            "PBKDF2 (Password-Based Key Derivation Function) is a\n"
+            "password hashing mechanism that derives hash from the\n"
+            "password and a random salt. For authentication this process\n"
+            "is repeated with the same salt as in the stored hash.\n"
+            "If both hashes match, the authentication succeeds.\n"
+            "PBKDF2 supports a variable 'rounds' parameter which varies\n"
+            "the time-cost of calculating the hash - doubling the number\n"
+            "of rounds doubles the cpu time required to calculate it. The\n"
+            "purpose of this is to periodically adjust the rounds as CPUs\n"
+            "become faster. The currently enforced minimum number of\n"
+            "rounds is 1000.\n"
+            "See: http://en.wikipedia.org/wiki/PBKDF2 and RFC2898"),
     )),
     ("tracker", (
         (Option, "name", "Roundup issue tracker",
Roundup Issue Tracker (SVN clone)