Code

Opened 6 years ago

Closed 4 years ago

#9194 closed (duplicate)

Allow additional hashing algorithms for passwords

Reported by: dcramer Owned by: nobody
Component: contrib.auth Version: 1.0
Severity: Keywords:
Cc: gonz Triage Stage: Design decision needed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

A useful addition to the auth contrib application would be the ability to pass in additional hashing algorithms for the password.

e.g.

AUTH_PASSWORD_ALGORITHMS = {

'sha': 'django.contrib.auth.blah.ShaHashThing',
'md5': '...',
'myalgo': '...',

}

Attachments (0)

Change History (6)

comment:1 Changed 6 years ago by gonz

  • Cc gonz added
  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

comment:2 Changed 5 years ago by jacob

  • Triage Stage changed from Unreviewed to Design decision needed

comment:3 Changed 5 years ago by russellm

Repeating comments I made on django-dev:

Personally, I see this as a pretty low priority item, verging on wontfix. My usual position is that having more pluggable interfaces is a good thing, but in this case, IMHO, there isn't enough change and innovation in hashing algorithms to warrant a fully configurable interface for defining password hashes. There might even be an argument to _not_ make it configurable to discourage people from trying to write their own hashing algorithms.

contrib.auth currently supports MD5, SHA1 and crypt, which IMHO covers all the important bases. If you think there is an obvious candidate that is missing, I think I'd rather see us add specific support for that algorithm rather than a pluggable interface.

comment:4 Changed 5 years ago by dcramer

For us (and we monkey patched to do this) our reasoning was having old passwords which had a slightly different algorithm than the built-in md5 or sha1. We wanted to support those still, since they could be.

comment:5 Changed 4 years ago by akaihola

#6028 is somewhat related (adding compatibility with glibc MD5-based crypt shadow passwords).

comment:6 Changed 4 years ago by subsume

  • Resolution set to duplicate
  • Status changed from new to closed

Dupe of #6028 and a lack of support for a more comprehensive pluggable backend for this use-case.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.