mirror of
https://github.com/django/django.git
synced 2025-10-23 21:59:11 +00:00
Refs #24115 -- Added docs for password updates on bcrypt rounds change.
This commit is contained in:
@@ -191,8 +191,13 @@ can switch to new (and better) storage algorithms as they get invented.
|
||||
However, Django can only upgrade passwords that use algorithms mentioned in
|
||||
:setting:`PASSWORD_HASHERS`, so as you upgrade to new systems you should make
|
||||
sure never to *remove* entries from this list. If you do, users using
|
||||
unmentioned algorithms won't be able to upgrade. Passwords will be upgraded
|
||||
when changing the PBKDF2 iteration count.
|
||||
unmentioned algorithms won't be able to upgrade. Hashed passwords will be
|
||||
updated when increasing (or decreasing) the number of PBKDF2 iterations or
|
||||
bcrypt rounds.
|
||||
|
||||
.. versionchanged:: 1.9
|
||||
|
||||
Passwords updates when changing the number of bcrypt rounds was added.
|
||||
|
||||
.. _sha1: https://en.wikipedia.org/wiki/SHA1
|
||||
.. _pbkdf2: https://en.wikipedia.org/wiki/PBKDF2
|
||||
@@ -200,7 +205,6 @@ when changing the PBKDF2 iteration count.
|
||||
.. _bcrypt: https://en.wikipedia.org/wiki/Bcrypt
|
||||
.. _`bcrypt library`: https://pypi.python.org/pypi/bcrypt/
|
||||
|
||||
|
||||
Manually managing a user's password
|
||||
===================================
|
||||
|
||||
|
Reference in New Issue
Block a user