#31358: Increase default password salt size in BasePasswordHasher.
--------------------------------------+------------------------------------
Reporter: Jon Moroney | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Utilities | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Comment (by Jon Moroney):
> Ok, next step would be to use those new `decode` methods in the existing
cases where manual decoding happens (to reduce the duplication added by
this method).
I've updated the PR with what I think you mean by this for the pbkdf2
hasher. Let me know if that's what you're thinking and I'll do the rest,
else let me know what I misunderstood :)
> Then the next step would be to look into where and how we can implement
the update of the salt. Preferably without adding it to the `must_update`
individually. We could add a `salt_length` attribute and then adjust based
on that (which could be None for the unsalted variants).
I think this can be handled in the BasePasswordHasher unless a hasher
implements its own `must_update` logic and in that case it must be on a
case by case basis. As for the salt length do you propose adding a
`salt_length` field to the return from `decode`? I think it may just be
easier to use `len(salt)` and handle the case where salt is `None`.
--
Ticket URL: <https://code.djangoproject.com/ticket/31358#comment:31>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/066.320ad761c8fb3bc40095ac8b116b7302%40djangoproject.com.
