1
0
mirror of https://github.com/django/django.git synced 2024-12-23 01:25:58 +00:00

Added password hashing improvements to 1.4 alpha 1 release notes.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17258 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Paul McMillan 2011-12-23 05:00:51 +00:00
parent d49fd627a6
commit 2d1a681f77

View File

@ -99,6 +99,23 @@ allows you to fix a very common performance problem in which your code ends up
doing O(n) database queries (or worse) if objects on your primary ``QuerySet``
each have many related objects that you also need.
Improved password hashing
~~~~~~~~~~~~~~~~~~~~~~~~~
Django's auth system (``django.contrib.auth``) stores passwords using a one-way
algorithm. Django 1.3 uses the SHA1_ algorithm, but increasing processor speeds
and theoretical attacks have revealed that SHA1 isn't as secure as we'd like.
Thus, Django 1.4 introduces a new password storage system: by default Django now
uses the PBKDF2_ algorithm (as recommended by NIST_). You can also easily choose
a different algorithm (including the popular bcrypt_ algorithm). For more
details, see :ref:`auth_password_storage`.
.. _sha1: http://en.wikipedia.org/wiki/SHA1
.. _pbkdf2: http://en.wikipedia.org/wiki/PBKDF2
.. _nist: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf
.. _bcrypt: http://en.wikipedia.org/wiki/Bcrypt
HTML5 Doctype
~~~~~~~~~~~~~