I suspect passwords were always salted and hashed, though things have improved over the years. In particular, PBKDF2 hashing was added in Django 1.4:
https://docs.djangoproject.com/en/stable/releases/1.4/#improved-password-hashing On Sunday, September 4, 2016 at 10:58:13 AM UTC-4, uri wrote: > > Thank you, Tim. Although we are using Django 1.9 and I understand that > passwords are hashed and salted, it's interesting to know which version of > Django was the first one to hash and salt passwords? I didn't find it > documented there. > > Thanks, > Uri. > > > *Uri Even-Chen* > [image: photo] Phone: +972-54-3995700 > Email: [email protected] <javascript:> > Website: http://www.speedysoftware.com/uri/en/ > <http://www.facebook.com/urievenchen> > <http://plus.google.com/+urievenchen> > <http://www.linkedin.com/in/urievenchen> <http://twitter.com/urievenchen> > > On Fri, Sep 2, 2016 at 3:35 PM, Tim Graham <[email protected] > <javascript:>> wrote: > >> Hi, >> >> We have fairly comprehensive documentation about passwords: >> https://docs.djangoproject.com/en/stable/topics/auth/passwords/ >> >> Let us know if you have unanswered questions after reading that. >> >> Tim >> >> On Friday, September 2, 2016 at 7:35:03 AM UTC-4, uri wrote: >>> >>> To Django users, >>> >>> Did you see this article: >>> https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/ >>> >>> Does Django comply with the password guidelines and from which Django >>> version? Especially regarding the way the passwords are saved. I'm >>> developing Speedy Net in Django and I want to make sure I can rely on >>> Django in the way my users' passwords are saved in our database. I also >>> increased the minimal password length to 8 characters, and removed the >>> requirement for passwords to be alphanumeric. >>> >>> Thanks, >>> Uri. >>> >>> *Uri Even-Chen* >>> [image: photo] Phone: +972-54-3995700 >>> Email: [email protected] >>> Website: http://www.speedysoftware.com/uri/en/ >>> <http://www.facebook.com/urievenchen> >>> <http://plus.google.com/+urievenchen> >>> <http://www.linkedin.com/in/urievenchen> >>> <http://twitter.com/urievenchen> >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To post to this group, send email to [email protected] >> <javascript:>. >> Visit this group at https://groups.google.com/group/django-users. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/django-users/dc7489bb-c0d4-49ff-b371-d4958b4bc2ed%40googlegroups.com >> >> <https://groups.google.com/d/msgid/django-users/dc7489bb-c0d4-49ff-b371-d4958b4bc2ed%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/4ea4160b-b91e-4f69-8470-c7f88ad7c03e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
