Opened 5 years ago
Last modified 4 years ago
#30472 closed Cleanup/optimization
Argon2id should be supported and become the default variety for Argon2PasswordHasher — at Initial Version
| Reported by: | Si Feng | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.auth | Version: | dev |
| Severity: | Normal | Keywords: | argon2, argon2id |
| Cc: | Triage Stage: | Ready for checkin | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
There were two important changes in the upstream argon2-cffi library since Django 1.10 was released with Argon2 support:
- (Nov 10, 2016) argon2id support was added: https://github.com/hynek/argon2_cffi/commit/00120a9880a74a5aedb13ee343bf6ccd507bb2d8#diff-1efe26b4b54ac28232eaecb9107ee6ed
- (Apr 9, 2018) argon2id became its default type: https://github.com/hynek/argon2_cffi/pull/34/files
When Django 1.10 was released, only argon2d and argon2i were available, hence the hard-coded argon2i variety in Argon2PasswordHasher.
Note:
See TracTickets
for help on using tickets.