MD5PasswordHasher is not using salt
|Reported by:||gunnar@…||Owned by:||PaulM|
|Severity:||Release blocker||Keywords:||MD5PasswordHasher MD5 salt login|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
In django.contrib.auth.models.py line 32 md5 passwort hash is calculated with salt.
return md5_constructor(salt + raw_password).hexdigest()
Django 1.4 beta 1 uses md5 without salt:
Verification of passwords from users of Django 1.3.1 with md5 password with salt is failing.
Therefore this users can't login anymore.
Change History (6)
comment:1 Changed 2 years ago by mbt
- Cc mbt@… added
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
comment:2 Changed 2 years ago by aaugustin
- Owner changed from nobody to PaulM
- Triage Stage changed from Unreviewed to Accepted
comment:5 Changed 2 years ago by Hangya
- Resolution fixed deleted
- Status changed from closed to reopened