#5787: BCrypt password hashing support in Django
-----------------------+----------------------------------------------------
Reporter:  ekarulf     |       Owner:  [EMAIL PROTECTED]               
  Status:  new         |   Component:  Contrib apps                  
 Version:  SVN         |    Keywords:  bcrypt hash password auth user
   Stage:  Unreviewed  |   Has_patch:  1                             
-----------------------+----------------------------------------------------
 '''About the ''bcrypt'' algorithm'''
  * The algorithm is designed to replace traditional password hashing
 algorithms by the OpenBSD group
  * The algorithm is significantly more secure than traditional crypt, md5
 and sha1 hashing algorithms
  * The algorithm manages salt generation automatically
  * The algorithm allows for user configurable levels of algorithm
 complexity, allowing the algorithm to grow in complexity to match growth
 in CPU speeds
  * Links:
    * OpenBSD Whitepaper on ''bcrypt'' : [http://www.openbsd.org/papers/bcrypt-paper.ps bcrypt-paper.ps]
    * py-bcrypt : [http://www.mindrot.org/projects/py-bcrypt/ project home page]
    * Review of password storage by Matasano security group: [http://www.matasano.com/log/958/enough-with-the-rainbow-tables-what-you-need-to-know-about-secure-password-schemes/ review]

 '''About the patch'''
  * The patch introduces no backwards incompatible changes
  * The patch allows for use of the bcrypt algorithm iff the bcrypt module
 is available
  * The patch introduces two new settings :
    * '''PREFERRED_HASH''' - The preferred hash algorithm for storing
 passwords (default: 'sha1')
    * '''BCRYPT_LOG_ROUNDS''' - The number of rounds determines the
 complexity of the bcrypt algorithm (default: 12)
  * The patch moves the encryption formats out of the user model entirely
  * The patch has been tested against Python 2.4 / OS X (10.4)
  * The patch updates the relevant documentation according to the style
 guidelines

-- 
Ticket URL: <http://code.djangoproject.com/ticket/5787>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
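
The behaviour the ticket describes (bcrypt used only if the module imports, existing sha1 hashes still verifying, cost taken from a setting) can be sketched as follows. This is an added example, not the code of the attached patch. The function names, the "bcrypt$..." storage prefix and the re-hash-on-login step are assumptions, and PREFERRED_HASH is set to 'bcrypt' here rather than the ticket's default of 'sha1' so that the upgrade path is exercised.

```python
import hashlib, hmac, os

try:
    import bcrypt  # optional: bcrypt is used only if the module imports
except ImportError:
    bcrypt = None

# Stand-ins for the two settings named in the ticket (assumed module globals).
PREFERRED_HASH = "bcrypt"
BCRYPT_LOG_ROUNDS = 12

def effective_algorithm():
    # Fall back to sha1 when bcrypt is preferred but not installed.
    return "sha1" if PREFERRED_HASH == "bcrypt" and bcrypt is None else PREFERRED_HASH

def make_password(raw, algo=None):
    algo = algo or effective_algorithm()
    if algo == "bcrypt":
        # gensalt() picks a random salt; salt and cost are embedded in the output.
        hashed = bcrypt.hashpw(raw.encode(), bcrypt.gensalt(BCRYPT_LOG_ROUNDS))
        return "bcrypt$" + hashed.decode()  # assumed storage format
    if algo == "sha1":
        salt = os.urandom(8).hex()
        return "sha1$%s$%s" % (salt, hashlib.sha1((salt + raw).encode()).hexdigest())
    raise ValueError("unknown algorithm: %s" % algo)

def check_password(raw, encoded):
    algo, rest = encoded.split("$", 1)
    if algo == "bcrypt":
        if bcrypt is None:
            raise ValueError("bcrypt hash stored but bcrypt module is missing")
        return bcrypt.checkpw(raw.encode(), rest.encode())
    if algo == "sha1":
        salt, digest = rest.split("$", 1)
        calc = hashlib.sha1((salt + raw).encode()).hexdigest()
        return hmac.compare_digest(calc, digest)
    raise ValueError("unknown algorithm: %s" % algo)

def needs_upgrade(encoded):
    algo, rest = encoded.split("$", 1)
    if effective_algorithm() != "bcrypt":
        return False  # never re-hash a stored bcrypt value down to sha1
    # A bcrypt string looks like $2b$12$...; field 2 is the log2 cost.
    return algo != "bcrypt" or int(rest.split("$")[2]) < BCRYPT_LOG_ROUNDS

def login(raw, encoded):
    """Return (authenticated, hash_to_store); re-hash only after a correct password."""
    if not check_password(raw, encoded):
        return False, encoded
    return True, (make_password(raw) if needs_upgrade(encoded) else encoded)
```

The caller saves the second value returned by login() back to the user record, so legacy sha1 rows migrate one successful login at a time.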