From ef29ac433939dc3a994540e063f410554e38a0b2 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 9 Dec 2014 18:39:55 +0100
Subject: Fix generation of Blowfish-based password hashes (#1490184)

Added password_blowfish_cost config option.
---
 plugins/password/config.inc.php.dist | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'plugins/password/config.inc.php.dist')

diff --git a/plugins/password/config.inc.php.dist b/plugins/password/config.inc.php.dist
index 94c4368fe..cf021020f 100644
--- a/plugins/password/config.inc.php.dist
+++ b/plugins/password/config.inc.php.dist
@@ -95,6 +95,11 @@ $config['password_hash_algorithm'] = 'sha1';
 // as hex string or in base64 encoded format.
 $config['password_hash_base64'] = false;
 
+// Iteration count parameter for Blowfish-based hashing algo.
+// It must be between 4 and 31. Default: 12.
+// Be aware, the higher the value, the longer it takes to generate the password hashes.
+$config['password_blowfish_cost'] = 12;
+
 
 // Poppassd Driver options
 // -----------------------
-- 
cgit v1.2.3