[Pkg-owncloud-commits] [owncloud-doc] 53/71: hard limit on password length
David Prévot
taffit at moszumanska.debian.org
Sun May 31 01:58:41 UTC 2015
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to branch master
in repository owncloud-doc.
commit 457d112001f597ff42e5c0aa713e4a897b83dd97
Author: Carla Schroder <carla at owncloud.com>
Date: Wed May 6 17:29:54 2015 -0700
hard limit on password length
---
admin_manual/configuration/harden_server.rst | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/admin_manual/configuration/harden_server.rst b/admin_manual/configuration/harden_server.rst
index 1fb73d0..40814b2 100644
--- a/admin_manual/configuration/harden_server.rst
+++ b/admin_manual/configuration/harden_server.rst
@@ -11,6 +11,11 @@ This document lists some security hardenings which require manual interaction by
administrators. The whole document content is based on the assumption that you
run ownCloud Server on Apache2 on a Linux environment.
+Limit on Password Length
+------------------------
+
+ownCloud uses the bcrypt algorithm and thus for security and performance reasons, e.g. Denial of Service as CPU demand increases exponentially, it only verifies the first 72 characters of passwords. This applies to all passwords that you use in ownCloud: user passwords, passwords on link shares, and passwords on external shares.
+
Operating system
----------------
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud-doc.git
More information about the Pkg-owncloud-commits
mailing list