diff options
author | Achilleas Pipinellis <axil@gitlab.com> | 2019-08-26 19:19:23 +0000 |
---|---|---|
committer | Achilleas Pipinellis <axil@gitlab.com> | 2019-08-26 19:19:23 +0000 |
commit | 840540e33b335bee01d79521a674b8710d89d265 (patch) | |
tree | d00ca6a4da104b05f1cfd4afd2ea44f7a89757a5 | |
parent | abfdc8f2aff4630ee43621a8590674b49f883b75 (diff) | |
parent | a6d04d48697270b61b3a57e15a87c97c0fc6e355 (diff) | |
download | gitlab-ce-840540e33b335bee01d79521a674b8710d89d265.tar.gz |
Merge branch 'docs-password-storage' into 'master'
Document how GitLab stores passwords
See merge request gitlab-org/gitlab-ce!32077
-rw-r--r-- | doc/security/README.md | 1 | ||||
-rw-r--r-- | doc/security/password_storage.md | 13 |
2 files changed, 14 insertions, 0 deletions
diff --git a/doc/security/README.md b/doc/security/README.md index 5d498ac7602..e3fb07c69c2 100644 --- a/doc/security/README.md +++ b/doc/security/README.md @@ -5,6 +5,7 @@ type: index # Security +- [Password storage](password_storage.md) - [Password length limits](password_length_limits.md) - [Restrict SSH key technologies and minimum length](ssh_keys_restrictions.md) - [Rate limits](rate_limits.md) diff --git a/doc/security/password_storage.md b/doc/security/password_storage.md new file mode 100644 index 00000000000..f4e32f96f7b --- /dev/null +++ b/doc/security/password_storage.md @@ -0,0 +1,13 @@ +--- +type: reference +--- + +# Password Storage + +GitLab stores user passwords in a hashed format, to prevent passwords from being visible. + +GitLab uses the [Devise](https://github.com/plataformatec/devise) authentication library, which handles the hashing of user passwords. Password hashes are created with the following attributes: + +- **Hashing**: the [bcrypt](https://en.wikipedia.org/wiki/Bcrypt) hashing function is used to generate the hash of the provided password. This is a strong, industry-standard cryptographic hashing function. +- **Stretching**: Password hashes are [stretched](https://en.wikipedia.org/wiki/Key_stretching) to harden against brute-force attacks. GitLab uses a stretching factor of 10 by default. +- **Salting**: A [cryptographic salt](https://en.wikipedia.org/wiki/Salt_(cryptography)) is added to each password to harden against pre-computed hash and dictionary attacks. Each salt is randomly generated for each password, so that no two passwords share a salt, to further increase security. |