Hi Ram,

On Sunday, September 15, 2013 12:34:03 PM UTC+2, Ram Rachum wrote:
>
> Florian, I'm not sure that you read my message carefully enough. I'm *not* 
> proposing to reduce the time that PBKDF2 takes to hash.
>

By replacing the password with a hash before running it through PBKDF2 you 
are reducing that time for every password longer than the hash… And given 
the way PBKDF2 works you'll reduce it by quite a bit (note that all of this 
only applies to passwords longer than the hash, so it's probably pretty 
academic). Either way, we'd at least need a new hasher class since it 
would be backwards incompatible. Independent of that we'd have to evaluate 
if pre-hashing the password could make PBKDF2 less secure (probably not too 
likely, but who knows).

Florian
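
Added example, not part of Florian's message or of Django's code: a Python check of the backwards-incompatibility point, comparing plain PBKDF2-HMAC-SHA256 with a variant that SHA-256 hashes the password first. It also shows the one case where both agree, because HMAC (RFC 2104) itself replaces a key longer than the hash's block size with its digest. The salt, iteration count, sample passwords and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed parameters for illustration; not Django's settings.
SALT = b"constructed-salt"
ITERATIONS = 1000
BLOCK_SIZE = hashlib.sha256().block_size    # 64 bytes: HMAC key block
DIGEST_SIZE = hashlib.sha256().digest_size  # 32 bytes: hash output


def pbkdf2(password: bytes) -> bytes:
    """Plain PBKDF2-HMAC-SHA256 over the password exactly as given."""
    return hashlib.pbkdf2_hmac("sha256", password, SALT, ITERATIONS)


def prehashed_pbkdf2(password: bytes) -> bytes:
    """Hypothetical variant: SHA-256 the password first, then PBKDF2."""
    return pbkdf2(hashlib.sha256(password).digest())


def compatible(password: bytes) -> bool:
    """True if a hash stored by pbkdf2() still verifies with prehashed_pbkdf2()."""
    return hmac.compare_digest(pbkdf2(password), prehashed_pbkdf2(password))


def survey(lengths):
    """Map each constructed password length to whether the two schemes agree."""
    return {n: compatible(b"a" * n) for n in lengths}


if __name__ == "__main__":
    # Lengths chosen around the digest size (32) and the block size (64).
    lengths = [8, DIGEST_SIZE, DIGEST_SIZE + 1, BLOCK_SIZE, BLOCK_SIZE + 1, 200]
    for length, same in survey(lengths).items():
        verdict = "same output" if same else "different output"
        print(f"{length:>3} byte password: {verdict}")
```

Stored hashes for any password of at most 64 bytes would stop verifying under the pre-hashed variant, which is why a separate hasher class and a migration path would be required.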
