[Django] #36744: Improve/correct scrypt password hasher documentation
10 views
Skip to first unread message
Django
Nov 18, 2025, 7:22:24 PMNov 18
to django-...@googlegroups.com
#36744: Improve/correct scrypt password hasher documentation
-------------------------------------+-------------------------------------
Reporter: Dmitry | Owner: Dmitry Chestnykh
Chestnykh |
Type: | Status: assigned
Cleanup/optimization |
Component: | Version: dev
Documentation |
Severity: Normal | Keywords:
Triage Stage: | Has patch: 1
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
The current documentation for scrypt password hasher lacks some
constraints and definitions:
1. work_factor: described incompletely, missing the requirement that
this value must be a power of 2
2. block_size: has no description
3. parallelism: needs to be defined, perhaps, as "independent
computations" rather than "threads", because the current OpenSSL
implementation is not multithreaded.
If OpenSSL becomes multithreaded, the "Estimating memory usage" note also
needs to be adjusted to account for parallelism.
I think it would also be helpful to mention that these parameters are N,
r, p, as these are standard terminology for those familiar with scrypt.
I'll send a pull request shortly.
--
Ticket URL: <https://code.djangoproject.com/ticket/36744>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
-------------------------------------+-------------------------------------
Reporter: Dmitry | Owner: Dmitry Chestnykh
Chestnykh |
Type: | Status: assigned
Cleanup/optimization |
Component: | Version: dev
Documentation |
Severity: Normal | Keywords:
Triage Stage: | Has patch: 1
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
The current documentation for scrypt password hasher lacks some
constraints and definitions:
1. work_factor: described incompletely, missing the requirement that
this value must be a power of 2
2. block_size: has no description
3. parallelism: needs to be defined, perhaps, as "independent
computations" rather than "threads", because the current OpenSSL
implementation is not multithreaded.
If OpenSSL becomes multithreaded, the "Estimating memory usage" note also
needs to be adjusted to account for parallelism.
I think it would also be helpful to mention that these parameters are N,
r, p, as these are standard terminology for those familiar with scrypt.
I'll send a pull request shortly.
--
Ticket URL: <https://code.djangoproject.com/ticket/36744>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Nov 19, 2025, 12:50:32 PMNov 19
to django-...@googlegroups.com
#36744: Improve/correct scrypt password hasher documentation
-------------------------------------+-------------------------------------
Reporter: Dmitry Chestnykh | Owner: Dmitry
-------------------------------------+-------------------------------------
Type: | Chestnykh
Cleanup/optimization | Status: assigned
Component: Documentation | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Natalia Bidart):
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* stage: Unreviewed => Accepted
Comment:
Documentation is always welcomed! Thank you for volunteering.
I see you checked the "has patch" flag. Is there a PR ready for this?
--
Ticket URL: <https://code.djangoproject.com/ticket/36744#comment:1>
Django
Nov 19, 2025, 12:51:43 PMNov 19
to django-...@googlegroups.com
#36744: Improve/correct scrypt password hasher documentation
-------------------------------------+-------------------------------------
Reporter: Dmitry Chestnykh | Owner: Dmitry
Type: | Chestnykh
Cleanup/optimization | Status: assigned
Component: Documentation | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Dmitry Chestnykh):
-------------------------------------+-------------------------------------
Reporter: Dmitry Chestnykh | Owner: Dmitry
Type: | Chestnykh
Cleanup/optimization | Status: assigned
Component: Documentation | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Thanks, Natalia! Yes, the PR is here:
https://github.com/django/django/pull/20269
--
Ticket URL: <https://code.djangoproject.com/ticket/36744#comment:2>
Django
Dec 3, 2025, 6:09:50 AM (3 days ago) Dec 3
to django-...@googlegroups.com
#36744: Improve/correct scrypt password hasher documentation
-------------------------------------+-------------------------------------
Reporter: Dmitry Chestnykh | Owner: Dmitry
Type: | Chestnykh
Cleanup/optimization | Status: assigned
Component: Documentation | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
-------------------------------------+-------------------------------------
Reporter: Dmitry Chestnykh | Owner: Dmitry
Type: | Chestnykh
Cleanup/optimization | Status: assigned
Component: Documentation | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Mariusz Felisiak):
-------------------------------------+-------------------------------------
* needs_better_patch: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/36744#comment:3>
Django
Dec 4, 2025, 2:54:28 AM (yesterday) Dec 4
to django-...@googlegroups.com
#36744: Improve/correct scrypt password hasher documentation
-------------------------------------+-------------------------------------
Reporter: Dmitry Chestnykh | Owner: Dmitry
Type: | Chestnykh
Cleanup/optimization | Status: assigned
Component: Documentation | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Ready for
-------------------------------------+-------------------------------------
Reporter: Dmitry Chestnykh | Owner: Dmitry
Type: | Chestnykh
Cleanup/optimization | Status: assigned
Component: Documentation | Version: dev
Severity: Normal | Resolution:
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Mariusz Felisiak):
* needs_better_patch: 1 => 0
-------------------------------------+-------------------------------------
Changes (by Mariusz Felisiak):
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/36744#comment:4>
Django
Dec 4, 2025, 3:23:11 AM (yesterday) Dec 4
to django-...@googlegroups.com
#36744: Improve/correct scrypt password hasher documentation
-------------------------------------+-------------------------------------
Reporter: Dmitry Chestnykh | Owner: Dmitry
Type: | Chestnykh
Cleanup/optimization | Status: closed
-------------------------------------+-------------------------------------
Reporter: Dmitry Chestnykh | Owner: Dmitry
Type: | Chestnykh
Component: Documentation | Version: dev
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Mariusz Felisiak <felisiak.mariusz@…>):
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* resolution: => fixed
* status: assigned => closed
Comment:
In [changeset:"0ca3a0661173b02e2cbb0183d8543e790e7e4a55" 0ca3a06]:
{{{#!CommitTicketReference repository=""
revision="0ca3a0661173b02e2cbb0183d8543e790e7e4a55"
Fixed #36744 -- Improved scrypt password hasher docs.
- Corrected work_factor description and its requirements.
- Added block_size description.
- Changed parallelism description to mention computations, rather than
threads (currently it's not multithreaded.)
- For all of the above, added standard scrypt terminology (N, r, p).
- Mentioned that in multithreaded implementations, parallelism also
influences the memory requirements.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/36744#comment:5>
Django
Dec 4, 2025, 3:23:45 AM (yesterday) Dec 4
to django-...@googlegroups.com
#36744: Improve/correct scrypt password hasher documentation
-------------------------------------+-------------------------------------
Reporter: Dmitry Chestnykh | Owner: Dmitry
Type: | Chestnykh
Cleanup/optimization | Status: closed
Component: Documentation | Version: dev
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Mariusz Felisiak <felisiak.mariusz@…>):
-------------------------------------+-------------------------------------
Reporter: Dmitry Chestnykh | Owner: Dmitry
Type: | Chestnykh
Cleanup/optimization | Status: closed
Component: Documentation | Version: dev
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
In [changeset:"719db78a94f0c69301dbcafee0373b0c0a49dff0" 719db78]:
{{{#!CommitTicketReference repository=""
revision="719db78a94f0c69301dbcafee0373b0c0a49dff0"
[6.0.x] Fixed #36744 -- Improved scrypt password hasher docs.
- Corrected work_factor description and its requirements.
- Added block_size description.
- Changed parallelism description to mention computations, rather than
threads (currently it's not multithreaded.)
- For all of the above, added standard scrypt terminology (N, r, p).
- Mentioned that in multithreaded implementations, parallelism also
influences the memory requirements.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/36744#comment:6>
Reply all
Reply to author
Forward
0 new messages