Thanks, I didn't realize there was another wrinkle in this problem. I
thought all SHA1 was the same.

I'm not sure if I have access to the code -- the site was a Ruby on
Rails site before. I followed a tutorial
(http://www.aidanf.net/rails_user_authentication_tutorial) to create
the authentication system. Here are some relevant (I think?) code
snippets (from the user model):

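require 'digest/sha1'

# Virtual attribute: set a salt on first use, then store the salted hash.
def password=(pass)
  @password = pass
  self.salt = User.random_string(10) if !self.salt?
  self.hashed_password = User.encrypt(@password, self.salt)
end

# Hex-encoded SHA1 of the password followed by the salt (password first).
def self.encrypt(pass, salt)
  Digest::SHA1.hexdigest(pass + salt)
end

# Return the user if the login exists and the password matches, else nil.
def self.authenticate(login, pass)
  u = find(:first, :conditions => ["login = ?", login])
  return nil if u.nil?
  return u if User.encrypt(pass, u.salt) == u.hashed_password
  nil
end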

If I wanted to recreate that system in django to replace the sha1$
part of the password field, would I basically need to port this code
to django?

Thanks again for your help!



On Dec 3, 8:06 am, Bill Freeman <[email protected]> wrote:
> Do you have access to the password checking code for the source system?
> It's fine to say that you have an SHA1 hash, but even if that's true, there
> are many choices for how to represent the digest, and how to apply the
> salt.
>
> If you have access to the code, you might insert print statements to see
> what various intermediate values you see.  If it's just a case of representing
> the hash (or salt) as an integer versus a hexadecimal string, for example,
> then you have a prayer of converting.  But if one applies the salt to the
> beginning of the message, and the other to the end, or to both, or embeds
> it, or one squashes the password to radix 50 or some such and the other
> doesn't, or a number of other possibilities, you are out of luck making it
> work with the default auth framework.
>
> You could implement an additional password type in Django, using the old
> site's algorithm, and calling it something other than sha1 (the key before
> the first '$').
>
>
>
> On Wed, Dec 2, 2009 at 7:18 PM, Dave <[email protected]> wrote:
> > I have a website with about 90 users that I'm trying to import into
> > Django. Right now, the users have a password with a salt and a hash,
> > so I tried (with a sample user) to format the password how Django
> > likes them. I did sha1$salt$hash and I wasn't able to log into admin
> > with that user (I made that user a superuser, staff, and active). I'm
> > using Django's auth authentication system. Has anyone run into this
> > before? Do I have to do something else to get this to work?
>
> > Thanks in advance!
>
> > --
>
> > You received this message because you are subscribed to the Google Groups 
> > "Django users" group.
> > To post to this group, send email to [email protected].
> > To unsubscribe from this group, send email to 
> > [email protected].
> > > For more options, visit this group
> > > at http://groups.google.com/group/django-users?hl=en.
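
Added example, not part of the original thread or of the tutorial's code: a standalone Python sketch of why the imported `sha1$salt$hash` strings fail and of the separate password type suggested above. Django's built-in `sha1` type hashes salt + password, while the Rails snippet hashes password + salt. The key `rails_sha1`, the function names and the sample salt and password are assumptions made for illustration.

```python
import hashlib
import hmac

LEGACY_ALGO = "rails_sha1"  # hypothetical key, deliberately not "sha1"


def rails_digest(password: str, salt: str) -> str:
    """Old site's User.encrypt: SHA1 hex digest of password + salt."""
    return hashlib.sha1((password + salt).encode("utf-8")).hexdigest()


def django_sha1_digest(password: str, salt: str) -> str:
    """Django's built-in 'sha1' type: SHA1 hex digest of salt + password."""
    return hashlib.sha1((salt + password).encode("utf-8")).hexdigest()


def encode_legacy(salt: str, hashed_password: str) -> str:
    """Build the stored string from the old salt and hashed_password columns."""
    return f"{LEGACY_ALGO}${salt}${hashed_password}"


def check_password(raw_password: str, encoded: str) -> bool:
    """Verify a password against a 'rails_sha1' or 'sha1' encoded string."""
    algo, _, rest = encoded.partition("$")
    # The digest is hex, so split it off from the right; a salt that
    # happens to contain '$' then stays in one piece.
    salt, sep, stored = rest.rpartition("$")
    if not sep:
        return False  # malformed: no salt/digest separator
    if algo == LEGACY_ALGO:
        candidate = rails_digest(raw_password, salt)
    elif algo == "sha1":
        candidate = django_sha1_digest(raw_password, salt)
    else:
        return False
    # Constant-time comparison of the two hex digests.
    return hmac.compare_digest(candidate.encode(), stored.lower().encode())


if __name__ == "__main__":
    salt, pw = "k3Xq9ZpLm2", "correct horse"  # constructed sample values
    old_hash = rails_digest(pw, salt)
    print(check_password(pw, f"sha1${salt}${old_hash}"))      # False
    print(check_password(pw, encode_legacy(salt, old_hash)))  # True
```

Because the plaintext is only seen at login, a successful `rails_sha1` check is also the point where the password can be re-stored in Django's own format.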
