id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
20917	Change the password hashers when testing	Marc Tamlyn	Bruno Alla	"Disclaimer: I'm not completely sure this is a good idea as a default.

The default password hasher is very secure, and very slow to create passwords. This is never an issue in production, but in testing it is *amazingly* slow. Most of the time using the unsalted MD5 hasher as `settings.PASSWORD_HASHERS[0]` has resulted in a six-fold increase in speed in my test suites. To be honest, I think we could use a ""non-hashing"" hasher in these cases.

I'd like to change the ""default"" to insert this new non-hashing hasher as `settings.PASSWORD_HASHERS[0]` during `setup_test_environment()`. For anyone who does not know about this trick, their test suits will automatically speed up. Any tests expecting a certain hasher to have been used when creating would fail in a backwardsly incompatible manner. Any fixtures or similar with passwords created using another hasher would still be valid, but would then update to be the raw password on success. Of course, to validate these passwords the password text would need to be included in plain text in the test suite (See #20916 for an alternative solution to this issue).

Other comparable setting changes done in this way include: turning off translations, using the console email backend, removing allowed_hosts checking, turning debug off.

Am I mental, or is this a sensible optimisation?"	New feature	closed	Testing framework	dev	Normal	wontfix		tom@…	Unreviewed	0	0	0	0	0	0