mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-11-04 13:39:16 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Added docs for the hasher's iteration count changes.

Browse source
This commit is contained in:
Tim Graham 2013-10-18 09:09:56 -04:00 committed by Florian Apolloner
parent 7d0d0dbf26
commit 28b70425af
2 changed files with 10 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
docs/releases/1.6.txt
View file

@ -369,7 +369,8 @@ Minor features
increased by 20%. This backwards compatible change will not affect increased by 20%. This backwards compatible change will not affect
existing passwords or users who have subclassed existing passwords or users who have subclassed
``django.contrib.auth.hashers.PBKDF2PasswordHasher`` to change the ``django.contrib.auth.hashers.PBKDF2PasswordHasher`` to change the
default value. default value. Passwords :ref:`will be upgraded <password-upgrades>` to use
the new iteration count as necessary.
Backwards incompatible changes in 1.6 Backwards incompatible changes in 1.6
===================================== =====================================

8
docs/topics/auth/passwords.txt
View file

@ -124,6 +124,8 @@ algorithm.
output)``. For example: output)``. For example:
``bcrypt$$2a$12$NT0I31Sa7ihGEWpka9ASYrEFkhuTNeBQ2xfZskIiiJeyFXhRgS.Sy``. ``bcrypt$$2a$12$NT0I31Sa7ihGEWpka9ASYrEFkhuTNeBQ2xfZskIiiJeyFXhRgS.Sy``.
.. _increasing-password-algorithm-work-factor:
Increasing the work factor Increasing the work factor
-------------------------- --------------------------
@ -167,6 +169,8 @@ default PBKDF2 algorithm:
That's it -- now your Django install will use more iterations when it That's it -- now your Django install will use more iterations when it
stores passwords using PBKDF2. stores passwords using PBKDF2.
.. _password-upgrades:
Password upgrading Password upgrading
------------------ ------------------
@ -181,6 +185,10 @@ However, Django can only upgrade passwords that use algorithms mentioned in
sure never to *remove* entries from this list. If you do, users using un- sure never to *remove* entries from this list. If you do, users using un-
mentioned algorithms won't be able to upgrade. mentioned algorithms won't be able to upgrade.
.. versionadded:: 1.6
Passwords will be upgraded when changing the PBKDF2 iteration count.
.. _sha1: http://en.wikipedia.org/wiki/SHA1 .. _sha1: http://en.wikipedia.org/wiki/SHA1
.. _pbkdf2: http://en.wikipedia.org/wiki/PBKDF2 .. _pbkdf2: http://en.wikipedia.org/wiki/PBKDF2
.. _nist: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf .. _nist: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf