Opened 19 months ago

Closed 19 months ago

Last modified 19 months ago

#34017 closed Cleanup/optimization (fixed)

Mention that when using Argon2PasswordHasher, this means Argon2id gets used

Reported by: David Schultz
Owned by: Ritik Soni
Component: Documentation
Version: 4.1
Severity: Normal
Keywords: Argon2 Argon2id hashing algorithm password management
Cc:
Triage Stage: Ready for checkin
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: yes
UI/UX: no

Description

In the documentation page on "Password management in Django", the section on Argon2 should mention that with the settings described there, the specific algorithm that gets actually used is the variant Argon2id. Namely, one should not have to look in another place to ascertain which precise algorithm gets used when one makes the changes described there (as it's quite important to know for sure that one will indeed be using Argon2id instead of any other variant out there).

Link to the documentation section concerned: https://docs.djangoproject.com/en/4.1/topics/auth/passwords/#using-argon2-with-django
Currently, the fact that Argon2id is indeed the default in Django (when using Argon2) is to my knowledge only mentioned here: https://docs.djangoproject.com/en/4.1/releases/3.2/
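
To confirm the variant on an existing deployment, the following added example (not part of the ticket or of Django's code) reads the variant and cost parameters out of stored password values. It assumes the stored layout `argon2$<variant>$v=..$m=..,t=..,p=..$<salt>$<hash>`; the function names and the sample values are constructed for illustration.

```python
from collections import Counter

VARIANTS = {"argon2i", "argon2d", "argon2id"}


def parse_argon2(encoded):
    """Return variant and cost parameters of a Django Argon2 value, else None.

    Assumed layout: argon2$<variant>[$v=N]$m=..,t=..,p=..$<salt>$<hash>
    """
    parts = encoded.split("$")
    if parts[0] != "argon2":
        return None  # another hasher, or an unusable ("!...") password
    if len(parts) not in (5, 6) or parts[1] not in VARIANTS:
        raise ValueError("malformed Argon2 value")
    # The cost field is always third from the end; some older encodings omit v=.
    costs = dict(kv.split("=", 1) for kv in parts[-3].split(","))
    info = {"variant": parts[1], "version": None}
    if len(parts) == 6:
        info["version"] = int(parts[2].removeprefix("v="))
    info.update({k: int(costs[k]) for k in ("m", "t", "p")})
    return info


def audit(encoded_values):
    """Count values per Argon2 variant; everything else is 'not-argon2'."""
    counts = Counter()
    for value in encoded_values:
        info = parse_argon2(value)
        counts[info["variant"] if info else "not-argon2"] += 1
    return counts


# Constructed sample values (salts and digests are placeholders, not real hashes).
SAMPLE = [
    "argon2$argon2id$v=19$m=102400,t=2,p=8$Y29uc3RydWN0ZWQ$cGxhY2Vob2xkZXI",
    "argon2$argon2i$v=19$m=512,t=2,p=2$Y29uc3RydWN0ZWQ$cGxhY2Vob2xkZXI",
    "pbkdf2_sha256$390000$constructed$cGxhY2Vob2xkZXI=",
]

if __name__ == "__main__":
    for name, count in sorted(audit(SAMPLE).items()):
        print(f"{name}: {count}")
    print(parse_argon2(SAMPLE[0]))
```

In a Django shell, the input would be the values of the user model's password field instead of `SAMPLE`.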

Change History (7)

comment:1 by Mariusz Felisiak, 19 months ago

Triage Stage: Unreviewed → Accepted

Agreed. Would you like to prepare a patch? It should be enough to mention Argon2id in topics, e.g.

  • docs/topics/auth/passwords.txt

    diff --git a/docs/topics/auth/passwords.txt b/docs/topics/auth/passwords.txt
    index 25c98bf786..43607d6478 100644
    a b Using Argon2 with Django  
    8383Argon2_ is the winner of the 2015 `Password Hashing Competition`_, a community
    8484organized open competition to select a next generation hashing algorithm. It's
    8585designed not to be easier to compute on custom hardware than it is to compute
    86 on an ordinary CPU.
     86on an ordinary CPU. The default variant for the Argon2 password hasher is
     87Argon2id.
    8788
    8889Argon2_ is not the default for Django because it requires a third-party
    8990library. The Password Hashing Competition panel, however, recommends immediate
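
Review bot: The sentence added at new lines 86-87 refers to "the Argon2 password hasher", while the ticket is about Argon2PasswordHasher by name; naming the class here would let a reader searching for the setting value land on this sentence. "Default variant" also reads as if the variant were selectable, and nothing in the hunk says how, so if it is fixed, wording along the lines of "Argon2PasswordHasher uses the Argon2id variant" would be less ambiguous.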

comment:2 by Mariusz Felisiak, 19 months ago

Easy pickings: set

comment:3 by David Schultz, 19 months ago

Currently I can't familiarize myself with the steps necessary to prepare such a patch, so I would kindly ask you or someone else to do this. The text which I would propose is this, building upon your suggestion:

  • docs/topics/auth/passwords.txt

    diff --git a/docs/topics/auth/passwords.txt b/docs/topics/auth/passwords.txt
    index ???..??? ???
    a b Using Argon2 with Django  
    8383Argon2_ is the winner of the 2015 `Password Hashing Competition`_, a community
    8484organized open competition to select a next generation hashing algorithm. It's
    8585designed not to be easier to compute on custom hardware than it is to compute
    86 on an ordinary CPU.
     86on an ordinary CPU. The default variant for the Argon2 password hasher is
     87Argon2id.
    8788
    8889Argon2_ is not the default for Django because it requires a third-party
    8990library. The Password Hashing Competition panel, however, recommends immediate
    9091use of Argon2 rather than the other algorithms supported by Django.
    9192
    92 To use Argon2 as your default storage algorithm, do the following:
     93To use Argon2id as your default storage algorithm, do the following:
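
Review bot: Changing "Argon2" to "Argon2id" at new line 93 leaves the section with two names for the same thing: the heading in the hunk context is still "Using Argon2 with Django" and the paragraph just above still recommends "use of Argon2". Since the sentence added at lines 86-87 already states the variant, consider keeping "To use Argon2 as your default storage algorithm" so the terminology stays uniform. The index line still carries the ???..??? placeholders, so the patch needs regenerating against the tree before it can be applied.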

comment:4 by Ritik Soni, 19 months ago

Owner: changed from nobody to Ritik Soni
Status: new → assigned

comment:5 by Mariusz Felisiak, 19 months ago

Has patch: set
Triage Stage: Accepted → Ready for checkin

comment:6 by GitHub <noreply@…>, 19 months ago

Resolution: fixed
Status: assigned → closed

In c11336cd:

Fixed #34017 -- Doc'd that Argon2id variant is used by Argon2PasswordHasher.

comment:7 by Mariusz Felisiak <felisiak.mariusz@…>, 19 months ago

In 0859093f:

[4.1.x] Fixed #34017 -- Doc'd that Argon2id variant is used by Argon2PasswordHasher.

Backport of c11336cd990e155371a5185cf3bd6942cad8d9da from main
