NIST’s new password rules - Digital Authentication Guidelines


Uri Even-Chen

Sep 2, 2016, 7:35:03 AM
to django...@googlegroups.com
To Django users,


Does Django comply with the password guidelines and from which Django version? Especially regarding the way the passwords are saved. I'm developing Speedy Net in Django and I want to make sure I can rely on Django in the way my users' passwords are saved in our database. I also increased the minimal password length to 8 characters, and removed the requirement for passwords to be alphanumeric.

Thanks,
Uri.

Uri Even-Chen  
Phone: +972-54-3995700
Email: u...@speedy.net
Website: http://www.speedysoftware.com/uri/en/
   

Tim Graham

Sep 2, 2016, 8:35:56 AM
to Django users
Hi,

We have fairly comprehensive documentation about passwords: https://docs.djangoproject.com/en/stable/topics/auth/passwords/

Let us know if you have unanswered questions after reading that.

Tim

Uri Even-Chen

Sep 4, 2016, 10:58:13 AM
to django...@googlegroups.com
Thank you, Tim. Although we are using Django 1.9 and I understand that passwords are hashed and salted, it's interesting to know which version of Django was the first one to hash and salt passwords? I didn't find it documented there.

Thanks,
Uri.


--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/dc7489bb-c0d4-49ff-b371-d4958b4bc2ed%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Tim Graham

Sep 4, 2016, 2:37:12 PM
to Django users
I suspect passwords were always salted and hashed, though things have improved over the years. In particular, PBKDF2 hashing was added in Django 1.4:

https://docs.djangoproject.com/en/stable/releases/1.4/#improved-password-hashing
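
The salted, iterated hashing discussed in this thread, as an added example that is not part of the original messages and is not Django's own code: a stand-alone sketch of a PBKDF2-SHA256 record in the `algorithm$iterations$salt$hash` layout Django uses for stored passwords. The function names, the salt generator and the iteration count are assumptions chosen for the example.

```python
import base64
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"  # label in front of PBKDF2-SHA256 records


def encode(password, salt=None, iterations=24000):
    """Return 'algorithm$iterations$salt$hash' for a password.

    iterations is a sample work factor chosen for this example.
    """
    if salt is None:
        salt = secrets.token_hex(8)  # fresh random salt for every password
    if "$" in salt:
        raise ValueError("salt must not contain '$'")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt.encode(), iterations
    )
    b64 = base64.b64encode(digest).decode("ascii")
    return "$".join([ALGORITHM, str(iterations), salt, b64])


def verify(password, encoded):
    """Recompute the hash with the stored salt and iteration count."""
    try:
        algorithm, iterations, salt, _ = encoded.split("$")
        iterations = int(iterations)
    except ValueError:
        return False  # malformed record: never a match
    if algorithm != ALGORITHM or iterations < 1:
        return False
    candidate = encode(password, salt, iterations)
    # Constant-time comparison of the full records.
    return hmac.compare_digest(candidate.encode(), encoded.encode())


def needs_rehash(encoded, minimum_iterations):
    """True when a stored record uses a lower work factor than wanted now."""
    return int(encoded.split("$")[1]) < minimum_iterations


if __name__ == "__main__":
    stored = encode("correct horse battery staple")  # constructed sample
    print(stored)
    print(verify("correct horse battery staple", stored), verify("guess", stored))
```

Because the salt and iteration count travel inside each record, two users with the same password get different records, and old records can be found and re-hashed when the work factor is raised.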

Uri Even-Chen

Sep 4, 2016, 10:34:26 PM
to django...@googlegroups.com
Thank you, Tim. I appreciate your reply.