id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
5600	Patch to enhance cryptography on django.contrib.auth	Chris Petrilli	nobody	"The current instantiation of {{{django.contrib.auth}}} has a few issues that could be improved. The three primary ones dealt with in this patch are:

  * Increasing the size of the salt pool
  * Making available SHA-256 for enhanced security
  * Making the selection of algorithms available in settings

The first, increasing the size of the salt pool, is based on decreasing the impact of a birthday paradox attack against the pool. The current approach uses a space of 16^5^ (1,048,576) for all salts. While this would seem on the surface to be adequate, there is in fact a 0.5 probability of 2 users having the same hash in any database of 1,206 or more users. More information on the probability can be [http://en.wikipedia.org/wiki/Birthday_paradox found on Wikipedia]. The patch changes the method used to calculate a salt to 10 random selections from printable characters, increases the space to 2.18*10^14^, and creates a 0.5 probability situation around 447,656,038 at the cost of 5 bytes per entry.

The second issue is that SHA-1 has known collision issues, and so I've made a tiny patch to allow SHA-256 (a version of SHA-2) to be used. For this to be useful, however, I've refactored out the third item, and created a setting {{{AUTH_CRYPTO_ALGORITHM}}} that can override the default algorithm. This has a default setting of 'sha1' but can be changed by the user.

Finally, I've also factored out the process of upgrading a password in place in {{{User.convert_password}}}, and modified {{{User.check_password}}} to automatically upgrade users as they sign in.

"		closed	Contrib apps	dev		wontfix	auth user crypto	treborhudson@… gajon@… django@… Rick@…	Design decision needed	1	0	1	0	0	0
