#24115 closed New feature (fixed)
Bcrypt hashers don't implement must_update
| Reported by: | Alex Rothberg | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.auth | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description (last modified by )
If the number of rounds is changed for the bcrypt hashers it does not appear that the must_update will ever return True. This is because the default implementation is used.
For comparison, see passlib which does in fact perform migrations for bcrypt.
Change History (9)
comment:1 by , 11 years ago
| Description: | modified (diff) |
|---|
comment:2 by , 11 years ago
| Description: | modified (diff) |
|---|
follow-up: 4 comment:3 by , 11 years ago
| Cc: | added |
|---|---|
| Component: | Uncategorized → contrib.auth |
comment:4 by , 11 years ago
Replying to timgraham:
Seems reasonable, but just would like Florian to confirm this wasn't an intentional omission in 7d0d0dbf26a3c0d16e9c2b930fd6d7b89f215946.
It was intentional, I think Alex was against it, not sure why anymore…
comment:5 by , 11 years ago
| Cc: | added |
|---|
comment:6 by , 11 years ago
| Cc: | removed |
|---|---|
| Triage Stage: | Unreviewed → Accepted |
Alex says, "I'm definitely not against bcrypt implementing must_upgrade."
Note:
See TracTickets
for help on using tickets.
Seems reasonable, but just would like Florian to confirm this wasn't an intentional omission in 7d0d0dbf26a3c0d16e9c2b930fd6d7b89f215946.