[PR #6818] [MERGED] Replace PBKDF2-SHA1 with PBKDF2-SHA512 #11142

Closed
opened 2026-02-07 06:33:14 +03:00 by OVERLORD · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/jellyfin/jellyfin/pull/6818
Author: @Bond-009
Created: 11/11/2021
Status: Merged
Merged: 11/14/2021
Merged by: @crobibero

Base: masterHead: password


📝 Commits (1)

  • 5265b3e Replace PBKDF2-SHA1 with PBKDF2-SHA512

📊 Changes

9 files changed (+88 additions, -113 deletions)

View changed files

📝 Emby.Server.Implementations/Cryptography/CryptographyProvider.cs (+55 -35)
📝 Emby.Server.Implementations/LiveTv/Listings/SchedulesDirect.cs (+2 -1)
📝 Jellyfin.Server.Implementations/Users/DefaultAuthenticationProvider.cs (+11 -24)
📝 Jellyfin.Server.Implementations/Users/UserManager.cs (+1 -7)
MediaBrowser.Common/Cryptography/CryptoExtensions.cs (+0 -35)
📝 MediaBrowser.Model/Cryptography/Constants.cs (+8 -3)
📝 MediaBrowser.Model/Cryptography/ICryptoProvider.cs (+8 -5)
📝 MediaBrowser.Model/Cryptography/PasswordHash.cs (+1 -1)
📝 tests/Jellyfin.Model.Tests/Cryptography/PasswordHashTests.cs (+2 -2)

📄 Description

This also migrates already created passwords on login

Source for the number of iterations:
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/jellyfin/jellyfin/pull/6818 **Author:** [@Bond-009](https://github.com/Bond-009) **Created:** 11/11/2021 **Status:** ✅ Merged **Merged:** 11/14/2021 **Merged by:** [@crobibero](https://github.com/crobibero) **Base:** `master` ← **Head:** `password` --- ### 📝 Commits (1) - [`5265b3e`](https://github.com/jellyfin/jellyfin/commit/5265b3eee794762b4de39a68b5bfbf767faaac36) Replace PBKDF2-SHA1 with PBKDF2-SHA512 ### 📊 Changes **9 files changed** (+88 additions, -113 deletions) <details> <summary>View changed files</summary> 📝 `Emby.Server.Implementations/Cryptography/CryptographyProvider.cs` (+55 -35) 📝 `Emby.Server.Implementations/LiveTv/Listings/SchedulesDirect.cs` (+2 -1) 📝 `Jellyfin.Server.Implementations/Users/DefaultAuthenticationProvider.cs` (+11 -24) 📝 `Jellyfin.Server.Implementations/Users/UserManager.cs` (+1 -7) ➖ `MediaBrowser.Common/Cryptography/CryptoExtensions.cs` (+0 -35) 📝 `MediaBrowser.Model/Cryptography/Constants.cs` (+8 -3) 📝 `MediaBrowser.Model/Cryptography/ICryptoProvider.cs` (+8 -5) 📝 `MediaBrowser.Model/Cryptography/PasswordHash.cs` (+1 -1) 📝 `tests/Jellyfin.Model.Tests/Cryptography/PasswordHashTests.cs` (+2 -2) </details> ### 📄 Description This also migrates already created passwords on login Source for the number of iterations: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2 --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
OVERLORD added the pull-request label 2026-02-07 06:33:14 +03:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/jellyfin#11142