#4151: Patch to add support for more secure password hashes in Python 2.5 or
newer
----------------------------------------------+-----------------------------
Reporter: Nick Efford <[EMAIL PROTECTED]> | Owner: nobody
Status: new | Component: Contrib
apps
Version: SVN | Resolution:
Keywords: authentication, password, hash | Stage: Design
decision needed
Has_patch: 1 | Needs_docs: 0
Needs_tests: 0 | Needs_better_patch: 1
----------------------------------------------+-----------------------------
Comment (by SmileyChris):
Firstly, I disagree with jacob. There '''is''' a reason for not blindly
using the strongest hash available - if run on a Python 2.5 system, it
causes the Django auth component of the database to become ''dependent''
on Python 2.5.
Replying to the original description: [ticket:4151 Nick Efford
<[EMAIL PROTECTED]>]:
> (For SHA-512 to be supported, the {{{password}}} field of the {{{User}}}
model would need to be lengthened.)
Not true, just use a different encoding rather than hexidecimal:
{{{
>>> import hashlib
>>> from binascii import b2a_base64
>>> hsh = hashlib.new('sha512', 'test')
>>> len(hsh.hexdigest())
128
>>> len(b2a_base64(hsh.digest()).rstrip()) # rstrip because output
always ends in \n
88
}}}
--
Ticket URL: <http://code.djangoproject.com/ticket/4151#comment:7>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
