Ticket #4151: docs.diff

File docs.diff, 2.3 KB (added by Nick Efford <nick@…>, 17 years ago)

Diff of authentication.txt, documenting the changes made by password2.diff.

  • docs/authentication.txt

     
    198198Passwords
    199199---------
    200200
     201The ``User.set_password()`` and ``User.check_password()`` functions handle
     202the setting and checking of passwords behind the scenes.
     203
    201204The ``password`` attribute of a ``User`` object is a string in this format::
    202205
    203206    hashtype$salt$hash
    204207
    205208That's hashtype, salt and hash, separated by the dollar-sign character.
     209Here is an example::
    206210
    207 Hashtype is either ``sha1`` (default), ``md5`` or ``crypt`` -- the algorithm
    208 used to perform a one-way hash of the password. Salt is a random string used
    209 to salt the raw password to create the hash. Note that the ``crypt`` method is
    210 only supported on platforms that have the standard Python ``crypt`` module
    211 available.
     211    sha1$a1976$a36cc8cbf81742a8fb52e221aaeab48ed7f58ab4
    212212
    213 For example::
     213Hashtype is the algorithm used to perform a one-way hash of the password.
     214Possible values are ``sha1``, ``sha224``, ``sha256``, ``sha384``, ``md5`` or
     215``crypt``.  Salt is a random string used to salt the raw password when
     216creating the hash.  Note that some choices of hashtype may be unavailable,
     217depending on your platform:
    214218
    215     sha1$a1976$a36cc8cbf81742a8fb52e221aaeab48ed7f58ab4
     219    * The ``crypt`` method is supported only on platforms that have the
     220      standard Python ``crypt`` module available.
     221    * The algorithms ``sha224``, ``sha256`` and ``sha384`` are supported
     222      only on platforms that have the standard Python ``hashlib`` module
     223      available (i.e., Python 2.5 or newer).  The hashtype defaults to
     224      ``sha256`` on such platforms, but you can change this by defining
     225      ``PASSWORD_HASH_ALGORITHM`` in your settings file.
     226    * If ``hashlib`` isn't available (e.g., on Python 2.4), the hashtype
     227      defaults to ``sha1`` and ``PASSWORD_HASH_ALGORITHM`` is ignored.
    216228
    217 The ``User.set_password()`` and ``User.check_password()`` functions handle
    218 the setting and checking of these values behind the scenes.
    219 
    220229Previous Django versions, such as 0.90, used simple MD5 hashes without password
    221230salts. For backwards compatibility, those are still supported; they'll be
    222231converted automatically to the new style the first time ``check_password()``
Back to Top