diff -Naur django.orig/contrib/auth/models.py django/contrib/auth/models.py
--- django.orig/contrib/auth/models.py	2011-04-08 00:01:23.000000000 +0200
+++ django/contrib/auth/models.py	2011-06-16 01:01:02.000000000 +0200
@@ -39,8 +39,11 @@
     Returns a boolean of whether the raw_password was correct. Handles
     encryption formats behind the scenes.
     """
-    algo, salt, hsh = enc_password.split('$')
-    return constant_time_compare(hsh, get_hexdigest(algo, salt, raw_password))
+    try:
+        algo, salt, hsh = enc_password.split('$')
+        return constant_time_compare(hsh, get_hexdigest(algo, salt, raw_password))
+    except ValueError:
+        return False
 
 def update_last_login(sender, user, **kwargs):
     """