Opened 8 years ago

Closed 6 years ago

#9194 closed (duplicate)

Allow additional hashing algorithms for passwords

Reported by: David Cramer Owned by: nobody
Component: contrib.auth Version: 1.0
Severity: Keywords:
Cc: Gonzalo Saavedra Triage Stage: Design decision needed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

A useful addition to the auth contrib application would be the ability to pass in additional hashing algorithms for the password.

e.g.

AUTH_PASSWORD_ALGORITHMS = {

'sha': 'django.contrib.auth.blah.ShaHashThing',
'md5': '...',
'myalgo': '...',

}

Change History (6)

comment:1 Changed 8 years ago by Gonzalo Saavedra

Cc: Gonzalo Saavedra added

comment:2 Changed 8 years ago by Jacob

Triage Stage: UnreviewedDesign decision needed

comment:3 Changed 7 years ago by Russell Keith-Magee

Repeating comments I made on django-dev:

Personally, I see this as a pretty low priority item, verging on wontfix. My usual position is that having more pluggable interfaces is a good thing, but in this case, IMHO, there isn't enough change and innovation in hashing algorithms to warrant a fully configurable interface for defining password hashes. There might even be an argument to _not_ make it configurable to discourage people from trying to write their own hashing algorithms.

contrib.auth currently supports MD5, SHA1 and crypt, which IMHO covers all the important bases. If you think there is an obvious candidate that is missing, I think I'd rather see us add specific support for that algorithm rather than a pluggable interface.

comment:4 Changed 7 years ago by David Cramer

For us (and we monkey patched to do this) our reasoning was having old passwords which had a slightly different algorithm than the built-in md5 or sha1. We wanted to support those still, since they could be.

comment:5 Changed 7 years ago by Antti Kaihola

#6028 is somewhat related (adding compatibility with glibc MD5-based crypt shadow passwords).

comment:6 Changed 6 years ago by Yeago

Resolution: duplicate
Status: newclosed

Dupe of #6028 and a lack of support for a more comprehensive pluggable backend for this use-case.

Note: See TracTickets for help on using tickets.
Back to Top