Hi Ram,

On Sunday, September 15, 2013 12:34:03 PM UTC+2, Ram Rachum wrote:
>
> Florian, I'm not sure that you read my message carefully enough. I'm *not*
> proposing to reduce the time that PBKDF2 takes to hash.
>

By replacing the password with a hash before running it through PBKDF2 you are reducing that time for every password longer than the hash… And given the way PBKDF2 works you'll reduce it by quite a bit (note that all of this only applies to passwords longer than the hash, so it's probably pretty academic). Either way, we'd at least need a new hasher class since it would be backwards incompatible. Independent of that we'd have to evaluate if pre-hashing the password could make PBKDF2 less secure (probably not too likely, but who knows).

Florian
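
The trade-off discussed in this message, as an added example that is not part of the original thread and is not Django's code: a single-block PBKDF2-HMAC-SHA256 that re-keys HMAC on every iteration, instrumented to count how many password bytes get re-hashed. It relies on RFC 2104, under which HMAC replaces any key longer than the hash's block size (64 bytes for SHA-256) with its digest; the function names, salt and sample passwords are constructed for illustration.

```python
import hashlib
import struct

BLOCK = 64  # SHA-256 block size in bytes


def hmac_sha256(key, msg, stats):
    # RFC 2104: a key longer than the block size is replaced by its hash.
    if len(key) > BLOCK:
        stats["key_bytes_hashed"] += len(key)
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK, b"\0")
    inner = hashlib.sha256(bytes(b ^ 0x36 for b in key) + msg).digest()
    return hashlib.sha256(bytes(b ^ 0x5C for b in key) + inner).digest()


def pbkdf2_naive(password, salt, iterations, stats):
    # One output block (32 bytes); HMAC is keyed from scratch each round.
    u = hmac_sha256(password, salt + struct.pack(">I", 1), stats)
    out = u
    for _ in range(iterations - 1):
        u = hmac_sha256(password, u, stats)
        out = bytes(a ^ b for a, b in zip(out, u))
    return out


def compare(password, salt=b"constructed-salt", iterations=200):
    """Return (same_output, key bytes hashed raw, key bytes hashed pre-hashed)."""
    raw_stats = {"key_bytes_hashed": 0}
    pre_stats = {"key_bytes_hashed": 0}
    raw = pbkdf2_naive(password, salt, iterations, raw_stats)
    prehashed = hashlib.sha256(password).digest()
    pre = pbkdf2_naive(prehashed, salt, iterations, pre_stats)
    # Sanity check against the standard library implementation.
    assert raw == hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    return raw == pre, raw_stats["key_bytes_hashed"], pre_stats["key_bytes_hashed"]


if __name__ == "__main__":
    # Constructed inputs: one password far beyond the block size, one short.
    for pw in (b"A" * 10000, b"hunter2"):
        same, raw_work, pre_work = compare(pw)
        print(len(pw), "bytes: same output =", same,
              "| extra key hashing raw/pre =", raw_work, "/", pre_work)
```

For the 10000-byte password the derived key is unchanged by pre-hashing while the per-iteration key hashing disappears; for the short password the derived key changes, which is the backwards-incompatibility case.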
