Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#26188 closed New feature (fixed)

Document how to wrap password hashers

Reported by: Tim Graham Owned by: Tim Graham
Component: Documentation Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

As discussed on django-developers, you can wrap hashers. For example, if you have a hasher which is sha1(password), add a new hasher which is bcrypt(sha1(password)). Then if you convert your database in a migration, you immediately get all the benefits of a better hash. We should give an example of this technique and recommend its use as part of removing weak password hashers from the default PASSWORD_HASHERS (#26187).

Change History (6)

comment:1 Changed 7 years ago by Tim Graham

Owner: changed from nobody to Tim Graham
Status: newassigned

comment:2 Changed 7 years ago by Tim Graham

I've created an implementation for djangoproject.com and will base the documentation on this.

comment:3 Changed 7 years ago by Tim Graham

Has patch: set

comment:4 Changed 7 years ago by Tim Graham <timograham@…>

Resolution: fixed
Status: assignedclosed

In 5a541e2e:

Fixed #26188 -- Documented how to wrap password hashers.

comment:5 Changed 7 years ago by Tim Graham <timograham@…>

In 31c9301:

[1.9.x] Fixed #26188 -- Documented how to wrap password hashers.

Backport of 5a541e2e6cb01e254f20c302093a24d7dc9af8ce from master

comment:6 Changed 7 years ago by Tim Graham <timograham@…>

In 2d321d23:

[1.8.x] Fixed #26188 -- Documented how to wrap password hashers.

Backport of 5a541e2e6cb01e254f20c302093a24d7dc9af8ce from master

Note: See TracTickets for help on using tickets.
Back to Top