Opened 16 years ago

Closed 14 years ago

#9194 closed (duplicate)

Allow additional hashing algorithms for passwords

Reported by: David Cramer Owned by: nobody
Component: contrib.auth Version: 1.0
Severity: Keywords:
Cc: Gonzalo Saavedra Triage Stage: Design decision needed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

A useful addition to the auth contrib application would be the ability to pass in additional hashing algorithms for the password.

e.g.

AUTH_PASSWORD_ALGORITHMS = {

'sha': 'django.contrib.auth.blah.ShaHashThing',
'md5': '...',
'myalgo': '...',

}

Change History (6)

comment:1 by Gonzalo Saavedra, 16 years ago

Cc: Gonzalo Saavedra added

comment:2 by Jacob, 16 years ago

Triage Stage: UnreviewedDesign decision needed

comment:3 by Russell Keith-Magee, 15 years ago

Repeating comments I made on django-dev:

Personally, I see this as a pretty low priority item, verging on wontfix. My usual position is that having more pluggable interfaces is a good thing, but in this case, IMHO, there isn't enough change and innovation in hashing algorithms to warrant a fully configurable interface for defining password hashes. There might even be an argument to _not_ make it configurable to discourage people from trying to write their own hashing algorithms.

contrib.auth currently supports MD5, SHA1 and crypt, which IMHO covers all the important bases. If you think there is an obvious candidate that is missing, I think I'd rather see us add specific support for that algorithm rather than a pluggable interface.

comment:4 by David Cramer, 15 years ago

For us (and we monkey patched to do this) our reasoning was having old passwords which had a slightly different algorithm than the built-in md5 or sha1. We wanted to support those still, since they could be.

comment:5 by Antti Kaihola, 15 years ago

#6028 is somewhat related (adding compatibility with glibc MD5-based crypt shadow passwords).

comment:6 by Yeago, 14 years ago

Resolution: duplicate
Status: newclosed

Dupe of #6028 and a lack of support for a more comprehensive pluggable backend for this use-case.

Note: See TracTickets for help on using tickets.
Back to Top