#31358: Increase default password salt size in BasePasswordHasher.
--------------------------------------+------------------------------------
Reporter: Jon Moroney | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Utilities | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Comment (by Jon Moroney):
Replying to [comment:13 felixxm]:
> I think we can assume that `safe_summary()` returns `salt` and if not
then salt's length is equal to 0.
I agree. Though I think it's better to assume that salt's length is
undefined if the safe_summary dict has no entry. Assuming zero will result
in 0 != self.salt_length and that will always trigger.
On my branch I've had to account for two cases to pass the tests
{{{
def must_update(self, encoded):
try:
return len(self.safe_summary(encoded)['salt']) !=
self.salt_length
except (KeyError, NotImplementedError):
return False
}}}
One is just the lack of a salt in the dict, but the second is that not all
derived classes implement `safe_summary`. I think it would be useful to
enforce an implementation if possible, but I'm not certain that's possible
in python and that's probably a separate PR anyway.
--
Ticket URL: <https://code.djangoproject.com/ticket/31358#comment:14>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/066.ceb3502469f35e974bb1e58e71a69705%40djangoproject.com.
