#26188 closed New feature (fixed)
Document how to wrap password hashers
| Reported by: | Tim Graham | Owned by: | Tim Graham |
|---|---|---|---|
| Component: | Documentation | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
As discussed on django-developers, you can wrap hashers. For example, if you have a hasher which is sha1(password), add a new hasher which is bcrypt(sha1(password)). Then if you convert your database in a migration, you immediately get all the benefits of a better hash. We should give an example of this technique and recommend its use as part of removing weak password hashers from the default PASSWORD_HASHERS (#26187).
Change History (6)
comment:1 by , 9 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 9 years ago
Note:
See TracTickets
for help on using tickets.
I've created an implementation for djangoproject.com and will base the documentation on this.