If you dig into Django's password tools, you'll discover that we use PBKDF2 by default, and have an option to use bcrypt. We also have a pluggable backend that allows you to define your own hashing algorithm if you'd prefer something harder, or if something emerges that supersedes PBKDF2.
-- We haven't used SHA-based or MD5-based hashing for some time.
Yours,
Russ Magee %-)
On Wed, Feb 27, 2013 at 11:36 PM, Tomas Neme <lacrymology@gmail.com> wrote:
and here it presses an even stronger case about NOT using bcrypt but
something even slower
http://www.unlimitednovelty.com/2012/03/dont-use-bcrypt.html
On Wed, Feb 27, 2013 at 12:33 PM, Tomas Neme <lacrymology@gmail.com> wrote:
> I just ran into this. It presses a pretty strong case...
>
> http://codahale.com/how-to-safely-store-a-password/
>
> --
> "The whole of Japan is pure invention. There is no such country, there
> are no such people" --Oscar Wilde
>
> |_|0|_|
> |_|_|0|
> |0|0|0|
>
> (\__/)
> (='.'=)This is Bunny. Copy and paste bunny
> (")_(") to help him gain world domination.
--
"The whole of Japan is pure invention. There is no such country, there
are no such people" --Oscar Wilde
|_|0|_|
|_|_|0|
|0|0|0|
(\__/)
(='.'=)This is Bunny. Copy and paste bunny
(")_(") to help him gain world domination.
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
No comments:
Post a Comment