From b1b8f74c1ebda4e51f28987deb99341367d20900 Mon Sep 17 00:00:00 2001 From: zeripath Date: Thu, 3 Sep 2020 19:58:31 +0100 Subject: [PATCH] Use argon as default password hash algorithm (#12688) * Restrict TLS connections to 1.2 minimum * Set Argon2 as the default KDF * Fix user.yml * Remove TLS minversion changes Signed-off-by: Andrew Thornton * Add migration as per @techknowlogick Signed-off-by: Andrew Thornton * set the password algo in the fixtures Signed-off-by: Andrew Thornton * Remove the v148 migration - it needs recreate table to change the defaults Signed-off-by: Andrew Thornton Co-authored-by: Nadim Kobeissi --- doc/advanced/config-cheat-sheet.en-us.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/advanced/config-cheat-sheet.en-us.md b/doc/advanced/config-cheat-sheet.en-us.md index 4401c59b..f86415c2 100644 --- a/doc/advanced/config-cheat-sheet.en-us.md +++ b/doc/advanced/config-cheat-sheet.en-us.md @@ -325,7 +325,7 @@ set name for unique queues. Individual queues will default to - `IMPORT_LOCAL_PATHS`: **false**: Set to `false` to prevent all users (including admin) from importing local path on server. - `INTERNAL_TOKEN`: **\**: Secret used to validate communication within Gitea binary. - `INTERNAL_TOKEN_URI`: ****: Instead of defining internal token in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: `file:/etc/gitea/internal_token`) -- `PASSWORD_HASH_ALGO`: **pbkdf2**: The hash algorithm to use \[pbkdf2, argon2, scrypt, bcrypt\]. +- `PASSWORD_HASH_ALGO`: **argon2**: The hash algorithm to use \[argon2, pbkdf2, scrypt, bcrypt\]. - `CSRF_COOKIE_HTTP_ONLY`: **true**: Set false to allow JavaScript to read CSRF cookie. - `PASSWORD_COMPLEXITY`: **off**: Comma separated list of character classes required to pass minimum complexity. If left empty or no valid values are specified, checking is disabled (off): - lower - use one or more lower latin characters