)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"4f6d29bcd36fb89eb5f9abc734c13a3561000fce","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"f5e4f33b_9373264b","updated":"2024-11-13 16:17:09.000000000","message":"I found another interesting article comparing scrypt with hmac-sha256 describing their purposes and differences: https://compare-hashing-algorithms.mojoauth.com/hmac-sha256-vs-scrypt/\nAfter reading that article I feel myself more confirmed in hmac-sha256 instead of sliced scrypt. It is faster, less resource hungry (and this definitely matters for us) and used in many other similar use cases for logging the data and verifying authenticity.\n\nP.S. I abstain from -1 while I would +1 if you switch for hmac-sha256","commit_id":"d82e82b1a640de146e5d5e0d3939bf9ac898710e"},{"author":{"_account_id":37374,"name":"Stanislav Zaprudskiy","email":"s.zaprudskiy@sap.com","username":"stanislav-z"},"change_message_id":"5b19b4c2248f5dad02ffcc3dca78a2f4054eb99d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"4af9d85e_189ba0a2","in_reply_to":"f5e4f33b_9373264b","updated":"2025-01-15 14:33:44.000000000","message":"Sounds good. I\u0027ve updated the spec and implementation for HMAC-based hashing.","commit_id":"d82e82b1a640de146e5d5e0d3939bf9ac898710e"},{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"7e888aa7e6ba09a1308a9cd9f9a62dc337a733f4","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":10,"id":"a1b01d0b_f38d4ae4","updated":"2024-12-06 14:31:26.000000000","message":"some improvement suggestions in the configuration section, otherwise good for me","commit_id":"071336a516cd57bcaa455b93947dbbdbd577752c"},{"author":{"_account_id":7414,"name":"David Wilde","email":"dwilde@redhat.com","username":"d34dh0r53"},"change_message_id":"e4e7c2ac516e65e379b2b30788e8278bbd987f84","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"1b3b5eba_ecd9be59","updated":"2025-01-10 14:33:17.000000000","message":"recheck","commit_id":"03af273f059b9f3d521867048400e5675d4dbb80"},{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"e3cb34b7092bb9b4fc0967e93b272f832786ebfc","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"32c7c37b_da0f94d8","updated":"2025-01-17 14:12:58.000000000","message":"still config option name is very misleading from my pov","commit_id":"03af273f059b9f3d521867048400e5675d4dbb80"}],"specs/keystone/backlog/pci-dss-bad-password-reporting.rst":[{"author":{"_account_id":13478,"name":"Boris Bobrov","email":"b.bobrov@sap.com","username":"bbobrov"},"change_message_id":"5125fc63172b2881182c0e88d5f753cd300e50ae","unresolved":true,"context_lines":[{"line_number":139,"context_line":""},{"line_number":140,"context_line":"* ``bad_password_include_in_notifications`` - to activate the feature"},{"line_number":141,"context_line":""},{"line_number":142,"context_line":"* ``bad_password_hash_algorithm``"},{"line_number":143,"context_line":""},{"line_number":144,"context_line":"* ``bad_password_max_hashed_chars`` - integer, number of characters to include"},{"line_number":145,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"43c87446_36830692","line":142,"updated":"2024-10-15 13:13:44.000000000","message":"Please specify which algo will be used by default and which will be available","commit_id":"a320ef4df965966f1a54f5174ba17ffa5a70126a"},{"author":{"_account_id":37374,"name":"Stanislav Zaprudskiy","email":"s.zaprudskiy@sap.com","username":"stanislav-z"},"change_message_id":"5b19b4c2248f5dad02ffcc3dca78a2f4054eb99d","unresolved":false,"context_lines":[{"line_number":139,"context_line":""},{"line_number":140,"context_line":"* ``bad_password_include_in_notifications`` - to activate the feature"},{"line_number":141,"context_line":""},{"line_number":142,"context_line":"* ``bad_password_hash_algorithm``"},{"line_number":143,"context_line":""},{"line_number":144,"context_line":"* ``bad_password_max_hashed_chars`` - integer, number of characters to include"},{"line_number":145,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"33859bc9_26a1e147","line":142,"in_reply_to":"43c87446_36830692","updated":"2025-01-15 14:33:44.000000000","message":"Updated and available in the Patchset 4","commit_id":"a320ef4df965966f1a54f5174ba17ffa5a70126a"},{"author":{"_account_id":13478,"name":"Boris Bobrov","email":"b.bobrov@sap.com","username":"bbobrov"},"change_message_id":"5125fc63172b2881182c0e88d5f753cd300e50ae","unresolved":true,"context_lines":[{"line_number":180,"context_line":"References"},{"line_number":181,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":182,"context_line":""},{"line_number":183,"context_line":"None"}],"source_content_type":"text/x-rst","patch_set":2,"id":"4d7ba971_9fdfb32a","line":183,"updated":"2024-10-15 13:13:44.000000000","message":"It would be good to mention here, that there are some industry-accepted ways for similar operations. For example, https://haveibeenpwned.com/API/v3#PwnedPasswords suggests providing 5 characters of sha-1.","commit_id":"a320ef4df965966f1a54f5174ba17ffa5a70126a"},{"author":{"_account_id":37374,"name":"Stanislav Zaprudskiy","email":"s.zaprudskiy@sap.com","username":"stanislav-z"},"change_message_id":"5b19b4c2248f5dad02ffcc3dca78a2f4054eb99d","unresolved":false,"context_lines":[{"line_number":180,"context_line":"References"},{"line_number":181,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":182,"context_line":""},{"line_number":183,"context_line":"None"}],"source_content_type":"text/x-rst","patch_set":2,"id":"18e4767c_7011e79b","line":183,"in_reply_to":"4d7ba971_9fdfb32a","updated":"2025-01-15 14:33:44.000000000","message":"Updated and available in the Patchset 4","commit_id":"a320ef4df965966f1a54f5174ba17ffa5a70126a"},{"author":{"_account_id":13478,"name":"Boris Bobrov","email":"b.bobrov@sap.com","username":"bbobrov"},"change_message_id":"aa9285c2fbc9d8be4ecb1411585fff8672b53426","unresolved":true,"context_lines":[{"line_number":5,"context_line":" http://creativecommons.org/licenses/by/3.0/legalcode"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":8,"context_line":"Include bad password details in audit messages"},{"line_number":9,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"`bug #2060972 \u003chttps://bugs.launchpad.net/keystone/+bug/2060972\u003e`_"}],"source_content_type":"text/x-rst","patch_set":6,"id":"c0c6e14a_38b0ebb4","line":8,"updated":"2024-10-23 14:35:11.000000000","message":"I wonder if the word \"bad\" here (and further) should be changed to something clearer. \"incorrect\" password maybe? \"wrong\" password? Not sure. Maybe even \"Include details of incorrect password in audit messages\"?","commit_id":"b86497a360e97c792a2fb2230392f210b6795bf2"},{"author":{"_account_id":37374,"name":"Stanislav Zaprudskiy","email":"s.zaprudskiy@sap.com","username":"stanislav-z"},"change_message_id":"5b19b4c2248f5dad02ffcc3dca78a2f4054eb99d","unresolved":false,"context_lines":[{"line_number":5,"context_line":" http://creativecommons.org/licenses/by/3.0/legalcode"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":8,"context_line":"Include bad password details in audit messages"},{"line_number":9,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"`bug #2060972 \u003chttps://bugs.launchpad.net/keystone/+bug/2060972\u003e`_"}],"source_content_type":"text/x-rst","patch_set":6,"id":"0cc3506c_37eaed95","line":8,"in_reply_to":"c0c6e14a_38b0ebb4","updated":"2025-01-15 14:33:44.000000000","message":"Keystone is using \"Invalid user / password\" in the corresponding code, so perhaps \"invalid\" would be an option as well","commit_id":"b86497a360e97c792a2fb2230392f210b6795bf2"},{"author":{"_account_id":13478,"name":"Boris Bobrov","email":"b.bobrov@sap.com","username":"bbobrov"},"change_message_id":"aa9285c2fbc9d8be4ecb1411585fff8672b53426","unresolved":true,"context_lines":[{"line_number":245,"context_line":"  \u003chttps://docs.python.org/3/library/hashlib.html#hash-algorithms\u003e`_, and"},{"line_number":246,"context_line":"  default value of ``blake2b`` (see :ref:`performance-impact`)"},{"line_number":247,"context_line":""},{"line_number":248,"context_line":"* ``bad_password_hash_personalization`` - to apply `personalization salt"},{"line_number":249,"context_line":"  \u003chttps://docs.python.org/3/library/hashlib.html#personalization\u003e`_ when"},{"line_number":250,"context_line":"  generating password hashes to make them distinct from any other Keystone"},{"line_number":251,"context_line":"  installations out there. Required, when feature is activated."}],"source_content_type":"text/x-rst","patch_set":6,"id":"b4236395_d5c002ec","line":248,"updated":"2024-10-23 14:35:11.000000000","message":"I don\u0027t understand what this option will do. Shall we still add usernames as hash personalization? This option should be better described in the proposed change above.","commit_id":"b86497a360e97c792a2fb2230392f210b6795bf2"},{"author":{"_account_id":37374,"name":"Stanislav Zaprudskiy","email":"s.zaprudskiy@sap.com","username":"stanislav-z"},"change_message_id":"5b19b4c2248f5dad02ffcc3dca78a2f4054eb99d","unresolved":false,"context_lines":[{"line_number":245,"context_line":"  \u003chttps://docs.python.org/3/library/hashlib.html#hash-algorithms\u003e`_, and"},{"line_number":246,"context_line":"  default value of ``blake2b`` (see :ref:`performance-impact`)"},{"line_number":247,"context_line":""},{"line_number":248,"context_line":"* ``bad_password_hash_personalization`` - to apply `personalization salt"},{"line_number":249,"context_line":"  \u003chttps://docs.python.org/3/library/hashlib.html#personalization\u003e`_ when"},{"line_number":250,"context_line":"  generating password hashes to make them distinct from any other Keystone"},{"line_number":251,"context_line":"  installations out there. Required, when feature is activated."}],"source_content_type":"text/x-rst","patch_set":6,"id":"17d2e193_b55899c2","line":248,"in_reply_to":"b4236395_d5c002ec","updated":"2025-01-15 14:33:44.000000000","message":"It\u0027s described at the URL that follows + a bit more in the linked implementation WIP https://review.opendev.org/c/openstack/keystone/+/932423/2/keystone/conf/security_compliance.py. It may make sense to expand *why* is it important to have it (which problem does it solve) though. I\u0027ll do it.","commit_id":"b86497a360e97c792a2fb2230392f210b6795bf2"}],"specs/keystone/backlog/pci-dss-invalid-password-reporting.rst":[{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"7e888aa7e6ba09a1308a9cd9f9a62dc337a733f4","unresolved":true,"context_lines":[{"line_number":275,"context_line":""},{"line_number":276,"context_line":"If the feature is wanted, the following options are available in the"},{"line_number":277,"context_line":"``security_compliance`` section:"},{"line_number":278,"context_line":""},{"line_number":279,"context_line":"* ``invalid_password_hash_include`` - to activate the feature."},{"line_number":280,"context_line":""},{"line_number":281,"context_line":"* ``invalid_password_hash_secret_key`` - to apply HMAC secret key [#pepper]_"}],"source_content_type":"text/x-rst","patch_set":10,"id":"0270700d_3a3cb9f8","line":278,"updated":"2024-12-06 14:31:26.000000000","message":"overall the feature is about logging invalid password hashes, name \u0027invalid_password_hash\u0027 is misleading without lot of comments in the config","commit_id":"071336a516cd57bcaa455b93947dbbdbd577752c"},{"author":{"_account_id":37374,"name":"Stanislav Zaprudskiy","email":"s.zaprudskiy@sap.com","username":"stanislav-z"},"change_message_id":"5b19b4c2248f5dad02ffcc3dca78a2f4054eb99d","unresolved":true,"context_lines":[{"line_number":275,"context_line":""},{"line_number":276,"context_line":"If the feature is wanted, the following options are available in the"},{"line_number":277,"context_line":"``security_compliance`` section:"},{"line_number":278,"context_line":""},{"line_number":279,"context_line":"* ``invalid_password_hash_include`` - to activate the feature."},{"line_number":280,"context_line":""},{"line_number":281,"context_line":"* ``invalid_password_hash_secret_key`` - to apply HMAC secret key [#pepper]_"}],"source_content_type":"text/x-rst","patch_set":10,"id":"4f4c0f48_10689617","line":278,"in_reply_to":"0270700d_3a3cb9f8","updated":"2025-01-15 14:33:44.000000000","message":"Answering to both: this one, and another comment about enable/disable vs include (https://review.opendev.org/c/openstack/keystone-specs/+/915482/comment/ffb9530a_88e19f52/).\n\nSo indeed, the feature is about (optionally) including hash of invalid password in audit notifications. Thus I\u0027m confused about\n\n\u003e name \u0027invalid_password_hash\u0027 is misleading without lot of comments in the config\n\nWhat could be a better \"common\" name for the options?\n\nOriginally I thought of something like:\n\n```\nenable_invalid_password_hash_in_notifications\n```\n\nbut it\u0027s too lengthy IMHO (and would perhaps require a different `dest` (https://docs.openstack.org/oslo.config/latest/reference/api/oslo_config.html#oslo_config.cfg.Opt) or other way of aliasing).\n\nAnother consideration was to use `include` instead of `enable` to make it distinct that the feature doesn\u0027t \"enable notifications\" - it merely controls inclusion of the hash in them (if notifications are enabled).\n\nI also checked other Keystone options, and `enable` isn\u0027t referenced anywhere - there was one case of `_enabled` though.\n\nWould you give some suggestions?","commit_id":"071336a516cd57bcaa455b93947dbbdbd577752c"},{"author":{"_account_id":37374,"name":"Stanislav Zaprudskiy","email":"s.zaprudskiy@sap.com","username":"stanislav-z"},"change_message_id":"1d8a169d543b48a2f5da5c2d8fe17ab473a87196","unresolved":false,"context_lines":[{"line_number":275,"context_line":""},{"line_number":276,"context_line":"If the feature is wanted, the following options are available in the"},{"line_number":277,"context_line":"``security_compliance`` section:"},{"line_number":278,"context_line":""},{"line_number":279,"context_line":"* ``invalid_password_hash_include`` - to activate the feature."},{"line_number":280,"context_line":""},{"line_number":281,"context_line":"* ``invalid_password_hash_secret_key`` - to apply HMAC secret key [#pepper]_"}],"source_content_type":"text/x-rst","patch_set":10,"id":"8bc9e8e6_bab9beed","line":278,"in_reply_to":"4f4c0f48_10689617","updated":"2025-01-22 16:32:54.000000000","message":"Done","commit_id":"071336a516cd57bcaa455b93947dbbdbd577752c"},{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"7e888aa7e6ba09a1308a9cd9f9a62dc337a733f4","unresolved":true,"context_lines":[{"line_number":276,"context_line":"If the feature is wanted, the following options are available in the"},{"line_number":277,"context_line":"``security_compliance`` section:"},{"line_number":278,"context_line":""},{"line_number":279,"context_line":"* ``invalid_password_hash_include`` - to activate the feature."},{"line_number":280,"context_line":""},{"line_number":281,"context_line":"* ``invalid_password_hash_secret_key`` - to apply HMAC secret key [#pepper]_"},{"line_number":282,"context_line":"  when generating password hashes to make them unique and distinct from any"}],"source_content_type":"text/x-rst","patch_set":10,"id":"ffb9530a_88e19f52","line":279,"updated":"2024-12-06 14:31:26.000000000","message":"config option name is very misleading. enable/disable would be better then \"include\"","commit_id":"071336a516cd57bcaa455b93947dbbdbd577752c"},{"author":{"_account_id":37374,"name":"Stanislav Zaprudskiy","email":"s.zaprudskiy@sap.com","username":"stanislav-z"},"change_message_id":"f5386b5feec94345708daf5005b1a9c3debd3c07","unresolved":true,"context_lines":[{"line_number":276,"context_line":"If the feature is wanted, the following options are available in the"},{"line_number":277,"context_line":"``security_compliance`` section:"},{"line_number":278,"context_line":""},{"line_number":279,"context_line":"* ``invalid_password_hash_include`` - to activate the feature."},{"line_number":280,"context_line":""},{"line_number":281,"context_line":"* ``invalid_password_hash_secret_key`` - to apply HMAC secret key [#pepper]_"},{"line_number":282,"context_line":"  when generating password hashes to make them unique and distinct from any"}],"source_content_type":"text/x-rst","patch_set":10,"id":"a1bcd42b_d5aced1d","line":279,"in_reply_to":"6c0a136b_5c810dc1","updated":"2025-01-21 13:56:53.000000000","message":"`log_invalid_password_hash` looks good - I pushed an updated to use this option name.\n\nIn case `log` part may still appear misleading, there are a couple of other alternatives to consider to make it more \"neutral\":\n* `include_invalid_password_hash`\n* `report_invalid_password_hash`\n* `record_invalid_password_hash`\n\nWhen it comes to implementation, it could indeed allow for multiple reporting destinations with something like:\n\n```\ncfg.ListOpt(\n    item_type\u003dcfg.types.String(\n        choices\u003d[\n            (\"audit\", \"desc1\"),\n            (\"log\", \"desc2\")\n        ]\n    ),\n```","commit_id":"071336a516cd57bcaa455b93947dbbdbd577752c"},{"author":{"_account_id":37374,"name":"Stanislav Zaprudskiy","email":"s.zaprudskiy@sap.com","username":"stanislav-z"},"change_message_id":"1d8a169d543b48a2f5da5c2d8fe17ab473a87196","unresolved":false,"context_lines":[{"line_number":276,"context_line":"If the feature is wanted, the following options are available in the"},{"line_number":277,"context_line":"``security_compliance`` section:"},{"line_number":278,"context_line":""},{"line_number":279,"context_line":"* ``invalid_password_hash_include`` - to activate the feature."},{"line_number":280,"context_line":""},{"line_number":281,"context_line":"* ``invalid_password_hash_secret_key`` - to apply HMAC secret key [#pepper]_"},{"line_number":282,"context_line":"  when generating password hashes to make them unique and distinct from any"}],"source_content_type":"text/x-rst","patch_set":10,"id":"d0c74254_41cb6d2e","line":279,"in_reply_to":"a1bcd42b_d5aced1d","updated":"2025-01-22 16:32:54.000000000","message":"Updated to `report_invalid_password_hash` as discussed during the weekly meeting","commit_id":"071336a516cd57bcaa455b93947dbbdbd577752c"},{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"e3cb34b7092bb9b4fc0967e93b272f832786ebfc","unresolved":true,"context_lines":[{"line_number":276,"context_line":"If the feature is wanted, the following options are available in the"},{"line_number":277,"context_line":"``security_compliance`` section:"},{"line_number":278,"context_line":""},{"line_number":279,"context_line":"* ``invalid_password_hash_include`` - to activate the feature."},{"line_number":280,"context_line":""},{"line_number":281,"context_line":"* ``invalid_password_hash_secret_key`` - to apply HMAC secret key [#pepper]_"},{"line_number":282,"context_line":"  when generating password hashes to make them unique and distinct from any"}],"source_content_type":"text/x-rst","patch_set":10,"id":"6c0a136b_5c810dc1","line":279,"in_reply_to":"ffb9530a_88e19f52","updated":"2025-01-17 14:12:58.000000000","message":"what about `log_invalid_password_hash`? It doesn\u0027t necessarily mean \"log\" but we could also include it in the log file itself (in addition to the audit event)","commit_id":"071336a516cd57bcaa455b93947dbbdbd577752c"},{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"7e888aa7e6ba09a1308a9cd9f9a62dc337a733f4","unresolved":true,"context_lines":[{"line_number":285,"context_line":"* ``invalid_password_hash_function`` - to define hash function to be used by"},{"line_number":286,"context_line":"  HMAC."},{"line_number":287,"context_line":""},{"line_number":288,"context_line":"* ``invalid_password_hash_max_chars`` - to configure number of characters to"},{"line_number":289,"context_line":"  include. Default would be ``5``, returning 5 characters out of ``43``"},{"line_number":290,"context_line":"  characters of a full hash generated with other default parameters. ``\u003c1``"},{"line_number":291,"context_line":"  values of the option would cause the function to return full hash."}],"source_content_type":"text/x-rst","patch_set":10,"id":"675108b2_e1e78a87","line":288,"updated":"2024-12-06 14:31:26.000000000","message":"I think from practicality reasons it would be better to have this option work differently: when unset - log all chars, when set - use as limit. Using max_chars awith \u00270\u0027 to log all chars is very misleading","commit_id":"071336a516cd57bcaa455b93947dbbdbd577752c"},{"author":{"_account_id":7414,"name":"David Wilde","email":"dwilde@redhat.com","username":"d34dh0r53"},"change_message_id":"65633abc75bb54e54bf31bac75564227fefb682d","unresolved":true,"context_lines":[{"line_number":285,"context_line":"* ``invalid_password_hash_function`` - to define hash function to be used by"},{"line_number":286,"context_line":"  HMAC."},{"line_number":287,"context_line":""},{"line_number":288,"context_line":"* ``invalid_password_hash_max_chars`` - to configure number of characters to"},{"line_number":289,"context_line":"  include. Default would be ``5``, returning 5 characters out of ``43``"},{"line_number":290,"context_line":"  characters of a full hash generated with other default parameters. ``\u003c1``"},{"line_number":291,"context_line":"  values of the option would cause the function to return full hash."}],"source_content_type":"text/x-rst","patch_set":10,"id":"cf9f42de_d00f1667","line":288,"in_reply_to":"675108b2_e1e78a87","updated":"2024-12-06 14:35:15.000000000","message":"I agree, by default this should log all characters by default and only limit when set.","commit_id":"071336a516cd57bcaa455b93947dbbdbd577752c"},{"author":{"_account_id":37374,"name":"Stanislav Zaprudskiy","email":"s.zaprudskiy@sap.com","username":"stanislav-z"},"change_message_id":"5b19b4c2248f5dad02ffcc3dca78a2f4054eb99d","unresolved":false,"context_lines":[{"line_number":285,"context_line":"* ``invalid_password_hash_function`` - to define hash function to be used by"},{"line_number":286,"context_line":"  HMAC."},{"line_number":287,"context_line":""},{"line_number":288,"context_line":"* ``invalid_password_hash_max_chars`` - to configure number of characters to"},{"line_number":289,"context_line":"  include. Default would be ``5``, returning 5 characters out of ``43``"},{"line_number":290,"context_line":"  characters of a full hash generated with other default parameters. ``\u003c1``"},{"line_number":291,"context_line":"  values of the option would cause the function to return full hash."}],"source_content_type":"text/x-rst","patch_set":10,"id":"3759d2e0_b6db5998","line":288,"in_reply_to":"cf9f42de_d00f1667","updated":"2025-01-15 14:33:44.000000000","message":"Done in the spec - but not yet in the implementation. Will include it into the implementation once other comments are sorted out.","commit_id":"071336a516cd57bcaa455b93947dbbdbd577752c"}]}