Index: django/contrib/auth/models.py
===================================================================
--- django/contrib/auth/models.py	(revision 4647)
+++ django/contrib/auth/models.py	(working copy)
@@ -5,19 +5,36 @@
 from django.utils.translation import gettext_lazy as _
 import datetime
 
+def get_hexdigest(algorithm, plaintext):
+    """
+    Returns a string of the hexdigest of the given plaintext
+    using the given algorithm.
+    """
+    try:
+        # Python 2.5 has moved to using hashlib for hashing functions
+        import hashlib
+        if algorithm == 'md5':
+            return hashlib.md5(plaintext).hexdigest()
+        elif algorithm == 'sha1':
+            return hashlib.sha1(plaintext).hexdigest()
+        raise ValueError, "Got unknown password algorithm type in password."
+        
+    except ImportError:
+        if algorithm == 'md5':
+            import md5
+            return md5.new(plaintext).hexdigest()
+        elif algorithm == 'sha1':
+            import sha
+            return sha.new(plaintext).hexdigest()
+        raise ValueError, "Got unknown password algorithm type in password."
+
 def check_password(raw_password, enc_password):
     """
     Returns a boolean of whether the raw_password was correct. Handles
     encryption formats behind the scenes.
     """
     algo, salt, hsh = enc_password.split('$')
-    if algo == 'md5':
-        import md5
-        return hsh == md5.new(salt+raw_password).hexdigest()
-    elif algo == 'sha1':
-        import sha
-        return hsh == sha.new(salt+raw_password).hexdigest()
-    raise ValueError, "Got unknown password algorithm type in password."
+    return (hsh == get_hexdigest(algo, salt+raw_password))
 
 class SiteProfileNotAvailable(Exception):
     pass
@@ -138,10 +155,10 @@
         return full_name.strip()
 
     def set_password(self, raw_password):
-        import sha, random
+        import random
         algo = 'sha1'
-        salt = sha.new(str(random.random())).hexdigest()[:5]
-        hsh = sha.new(salt+raw_password).hexdigest()
+        salt = get_hexdigest(algo, str(random.random()))[:5]
+        hsh = get_hexdigest(algo, salt+raw_password)
         self.password = '%s$%s$%s' % (algo, salt, hsh)
 
     def check_password(self, raw_password):
@@ -152,8 +169,7 @@
         # Backwards-compatibility check. Older passwords won't include the
         # algorithm or salt.
         if '$' not in self.password:
-            import md5
-            is_correct = (self.password == md5.new(raw_password).hexdigest())
+            is_correct = (self.password == get_hexdigest('md5', raw_password))
             if is_correct:
                 # Convert the password to the new, more secure format.
                 self.set_password(raw_password)