Opened 8 years ago

Closed 5 years ago

#8647 closed New feature (duplicate)

Add support for user password encryption algorithm selection

Reported by: Sam Reghenzi Owned by:
Component: contrib.auth Version: master
Severity: Normal Keywords: password encryption
Cc: Triage Stage: Design decision needed
Has patch: yes Needs documentation: no
Needs tests: yes Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

User class in django/contrib/auth/models supports crypt algorithm in decoding password but not in the set_password method (see line 175). User password encryption algorithm should have a default but also but also configurable in project settings.

Project settings SECRET_KEY should be used in the encryption since all the data needed for brute force cracking are available in a db dump

Attachments (2)

models.py.diff (1.7 KB) - added by Sam Reghenzi 8 years ago.
hashcompat.py.diff (478 bytes) - added by Sam Reghenzi 8 years ago.

Download all attachments as: .zip

Change History (9)

comment:1 Changed 8 years ago by Sam Reghenzi

Owner: changed from nobody to Sam Reghenzi
Status: newassigned

Changed 8 years ago by Sam Reghenzi

Attachment: models.py.diff added

Changed 8 years ago by Sam Reghenzi

Attachment: hashcompat.py.diff added

comment:2 Changed 8 years ago by Sam Reghenzi

Has patch: set
Needs tests: set

comment:3 Changed 8 years ago by (none)

milestone: post-1.0

Milestone post-1.0 deleted

comment:4 Changed 8 years ago by Jacob

Triage Stage: UnreviewedDesign decision needed

comment:5 Changed 6 years ago by Adam Nelson

Owner: Sam Reghenzi deleted
Status: assignednew

Is this an inactive ticket?

comment:6 Changed 6 years ago by Luke Plant

Severity: Normal
Type: New feature

comment:7 Changed 5 years ago by Jacob

Easy pickings: unset
Resolution: duplicate
Status: newclosed
UI/UX: unset

#15367 is tracking this now and has up-to-date info. Marking this one as a duplicate of #15367.

Note: See TracTickets for help on using tickets.
Back to Top