#15367: Improved Auth Password Hashing
-------------------------------------+-------------------------------------
Reporter: poswald | Owner: jart
Type: New | Status: new
feature | Component: contrib.auth
Milestone: 1.4 | Severity: Normal
Version: | Keywords: password, hash,
Resolution: | hashing, bcrypt, scrypt, pbkdf2,
Triage Stage: Accepted | sha2, sha1
Needs documentation: 1 | Has patch: 1
Patch needs improvement: 1 | Needs tests: 1
UI/UX: 0 | Easy pickings: 0
-------------------------------------+-------------------------------------
Comment (by jezdez):
After talking to Carl on IRC, I'm sorry to say that I misunderstood the
reason why you used a list for the setting (to enforce an order of
precedence). Sp
So the `global_settings.py` would indeed have this::
{{{
PASSWORD_HASHERS = (
'django.utils.passhash.PBKDF2PasswordHasher',
'django.utils.passhash.BCryptPasswordHasher',
'django.utils.passhash.SHA1PasswordHasher',
'django.utils.passhash.MD5PasswordHasher',
'django.utils.passhash.CryptPasswordHasher',
)
}}}
and users could add their own implementation if needed:
{{{
PASSWORD_HASHERS = (
'mysite.security.MyCustomBCryptPasswordHasher',
'django.utils.passhash.PBKDF2PasswordHasher',
# etc
)
}}}
That said, I'm still convinced this should be part of the auth app and not
.
--
Ticket URL: <https://code.djangoproject.com/ticket/15367#comment:10>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
