Rake: Expand hash validation to support FIPS migration scenarios

What does this MR do and why?

Enhanced gitlab:password:fips_check_salts to validate both PBKDF2 and bcrypt password hashes during non-FIPS to FIPS migrations.

Previously, the task only validated PBKDF2 hashes and salt lengths. However, instances migrating from non-FIPS environments may have bcrypt passwords requiring migration.

The updated rake task now validates:

  • Hash strategy compliance
  • Work factor requirements (bcrypt hashes)
  • Salt length specifications (PBKDF2 hashes)

Closes #574605

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #574605
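
The three checks listed in the description (hash strategy, bcrypt work factor, PBKDF2 salt length), sketched as a stand-alone classifier over stored hashes. This is an added example, not the rake task's code or any GitLab code. The `$pbkdf2-sha512$<rounds>$<hex salt>$<hex digest>` layout, both thresholds, and the names `check_hash` and `audit` are assumptions made for illustration.

```ruby
# Added illustration; not GitLab's rake task. Formats and thresholds are assumptions.
MIN_SALT_BYTES  = 16  # assumed floor: 128-bit salt, as recommended by NIST SP 800-132
MIN_BCRYPT_COST = 10  # assumed minimum work factor (hypothetical value)

# bcrypt modular crypt format: $2a$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = /\A\$2[abxy]\$(\d{2})\$[.\/A-Za-z0-9]{53}\z/
# Assumed PBKDF2 layout with hex-encoded salt and digest.
PBKDF2_RE = /\A\$pbkdf2-sha512\$(\d+)\$(\h+)\$(\h+)\z/

# Returns { strategy:, findings: [...] } for one stored password hash.
def check_hash(encoded)
  if (m = BCRYPT_RE.match(encoded))
    cost = m[1].to_i
    findings = ["bcrypt is not FIPS-approved: needs migration to PBKDF2"]
    findings << "bcrypt cost #{cost} below #{MIN_BCRYPT_COST}" if cost < MIN_BCRYPT_COST
    { strategy: :bcrypt, findings: findings }
  elsif (m = PBKDF2_RE.match(encoded))
    salt_bytes = m[2].length / 2
    findings = []
    findings << "odd-length hex salt" if m[2].length.odd?
    findings << "salt is #{salt_bytes} bytes, need >= #{MIN_SALT_BYTES}" if salt_bytes < MIN_SALT_BYTES
    { strategy: :pbkdf2_sha512, findings: findings }
  else
    # Empty, truncated or unknown-scheme values are reported, never silently passed.
    { strategy: :unknown, findings: ["unrecognized hash format"] }
  end
end

# Groups usernames by outcome: :compliant, or the strategy that needs attention.
def audit(rows)
  rows.each_with_object(Hash.new { |h, k| h[k] = [] }) do |(user, encoded), report|
    result = check_hash(encoded)
    key = result[:findings].empty? ? :compliant : result[:strategy]
    report[key] << user
  end
end

# Constructed sample rows (placeholder values, not real credentials).
SAMPLE = {
  "alice" => "$pbkdf2-sha512$20000$" + "ab" * 32 + "$" + "cd" * 64, # 32-byte salt
  "bob"   => "$pbkdf2-sha512$20000$" + "ab" * 8 + "$" + "cd" * 64,  # 8-byte salt
  "carol" => "$2a$10$" + "A" * 53,                                  # bcrypt, cost 10
  "dave"  => "$2a$04$" + "A" * 53,                                  # bcrypt, cost 4
  "erin"  => ""                                                     # no hash stored
}.freeze

audit(SAMPLE).each { |outcome, users| puts "#{outcome}: #{users.join(', ')}" }
```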
