auth module should use longer salt for hashing

[Craig Younkins]

As noted here - ​http://www.pythonsecurity.org/wiki/django/#authentication - the current auth module uses 5 hexadecimal characters as a salt. This is equivalent to 20 bits (log base 2 of 16^{5). See ​http://code.djangoproject.com/browser/django/tags/releases/1.2.1/django/contrib/auth/models.py#L240}

PKCS5 v2.1 draft (​http://www.rsa.com/rsalabs/node.asp?id=2127) recommends that a salt of at least 64 bits be used. This will strengthen the password scheme by increasing the time needed for dictionary attacks.

[Chuck Harmston]

Related thread on django-developers: ​http://groups.google.com/group/django-developers/browse_thread/thread/d192e244c63a71d0

[Craig Younkins]

Added patch that adds better salt generation with 12 random characters from a-z, A-Z, 0-9, equivalent to 71-bits of entropy.

It tries to use random.SystemRandom as the entropy pool, falling back to random if SystemRandom raises NotImplementedError, which will occur on operating systems without /dev/urandom or CryptGenRandom on Windows.

I ran the 1700 Django unit tests but did not test it in an application. Adding a regression test is not possible.

Craig Younkins

[Gabriel Hurley]

This is a valid concern, and the code works for me, however I'm not a security expert so it could use another set of eyes.

It's a minor concern, but the example salt in the documentation probably ought to be updated as well, lest people think we're still only using a five-character salt: ​http://docs.djangoproject.com/en/dev/topics/auth/#passwords

[Jannis Leidel]

In [16453]:

Fixed #13969 -- Extended length of salt used when setting the password. Thanks to cyounkins for the initial patch.