[Django] #26188: Document how to wrap password hashers

[Django]

#26188: Document how to wrap password hashers
-----------------------------------------+------------------------
Reporter: timgraham | Owner: nobody
Type: New feature | Status: new
Component: Documentation | Version: master
Severity: Normal | Keywords:
Triage Stage: Accepted | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-----------------------------------------+------------------------
As [https://groups.google.com/d/topic/django-
developers/ZeRJU8YVrxg/discussion discussed on django-developers], you
can wrap hashers. For example, if you have a hasher which is
`sha1(password)`, add a new hasher which is `bcrypt(sha1(password))`. Then
if you convert your database in a migration, you immediately get all the
benefits of a better hash. We should give an example of this technique and
recommend its use as part of removing weak password hashers from the
default `PASSWORD_HASHERS` (#26187).

--
Ticket URL: <https://code.djangoproject.com/ticket/26188>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

[Django]

#26188: Document how to wrap password hashers

-------------------------------+-------------------------------------
Reporter: timgraham | Owner: timgraham
Type: New feature | Status: assigned
Component: Documentation | Version: master
Severity: Normal | Resolution:

Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

-------------------------------+-------------------------------------
Changes (by timgraham):

* status: new => assigned
* owner: nobody => timgraham

--
Ticket URL: <https://code.djangoproject.com/ticket/26188#comment:1>

[Django]

#26188: Document how to wrap password hashers

-------------------------------+-------------------------------------
Reporter: timgraham | Owner: timgraham
Type: New feature | Status: assigned

Component: Documentation | Version: master
Severity: Normal | Resolution:

Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

-------------------------------+-------------------------------------

Comment (by timgraham):

I've created [https://github.com/django/djangoproject.com/pull/634 an
implementation for djangoproject.com] and will base the documentation on
this.

--
Ticket URL: <https://code.djangoproject.com/ticket/26188#comment:2>

[Django]

#26188: Document how to wrap password hashers

-------------------------------+-------------------------------------
Reporter: timgraham | Owner: timgraham
Type: New feature | Status: assigned

Component: Documentation | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

-------------------------------+-------------------------------------
Changes (by timgraham):

* has_patch: 0 => 1

Comment:

[https://github.com/django/django/pull/6114 PR]

--
Ticket URL: <https://code.djangoproject.com/ticket/26188#comment:3>

[Django]

#26188: Document how to wrap password hashers

-------------------------------+-------------------------------------
Reporter: timgraham | Owner: timgraham

Type: New feature | Status: closed
Component: Documentation | Version: master
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

-------------------------------+-------------------------------------
Changes (by Tim Graham <timograham@…>):

* status: assigned => closed
* resolution: => fixed

Comment:

In [changeset:"5a541e2e6cb01e254f20c302093a24d7dc9af8ce" 5a541e2e]:
{{{
#!CommitTicketReference repository=""
revision="5a541e2e6cb01e254f20c302093a24d7dc9af8ce"
Fixed #26188 -- Documented how to wrap password hashers.
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/26188#comment:4>

[Django]

#26188: Document how to wrap password hashers

-------------------------------+-------------------------------------
Reporter: timgraham | Owner: timgraham
Type: New feature | Status: closed

Component: Documentation | Version: master
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

-------------------------------+-------------------------------------

Comment (by Tim Graham <timograham@…>):

In [changeset:"31c9301f27e22c189bff2b514e490af7bd2b6ccd" 31c9301]:
{{{
#!CommitTicketReference repository=""
revision="31c9301f27e22c189bff2b514e490af7bd2b6ccd"
[1.9.x] Fixed #26188 -- Documented how to wrap password hashers.

Backport of 5a541e2e6cb01e254f20c302093a24d7dc9af8ce from master
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/26188#comment:5>

[Django]

#26188: Document how to wrap password hashers

-------------------------------+-------------------------------------
Reporter: timgraham | Owner: timgraham
Type: New feature | Status: closed

Component: Documentation | Version: master
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

-------------------------------+-------------------------------------

Comment (by Tim Graham <timograham@…>):

In [changeset:"2d321d2393ebf5a8d69604d857fd7df77887ccf7" 2d321d23]:
{{{
#!CommitTicketReference repository=""
revision="2d321d2393ebf5a8d69604d857fd7df77887ccf7"
[1.8.x] Fixed #26188 -- Documented how to wrap password hashers.

Backport of 5a541e2e6cb01e254f20c302093a24d7dc9af8ce from master
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/26188#comment:6>