2012-12-29 03:00:11 +08:00
|
|
|
=============================
|
|
|
|
Password management in Django
|
|
|
|
=============================
|
|
|
|
|
|
|
|
Password management is something that should generally not be reinvented
|
|
|
|
unnecessarily, and Django endeavors to provide a secure and flexible set of
|
|
|
|
tools for managing user passwords. This document describes how Django stores
|
|
|
|
passwords, how the storage hashing can be configured, and some utilities to
|
|
|
|
work with hashed passwords.
|
|
|
|
|
|
|
|
.. _auth_password_storage:
|
|
|
|
|
|
|
|
How Django stores passwords
|
|
|
|
===========================
|
|
|
|
|
2012-12-27 04:47:29 +08:00
|
|
|
Django provides a flexible password storage system and uses PBKDF2 by default.
|
2012-12-29 03:00:11 +08:00
|
|
|
|
|
|
|
The :attr:`~django.contrib.auth.models.User.password` attribute of a
|
|
|
|
:class:`~django.contrib.auth.models.User` object is a string in this format::
|
|
|
|
|
2013-01-05 09:42:25 +08:00
|
|
|
<algorithm>$<iterations>$<salt>$<hash>
|
2012-12-29 03:00:11 +08:00
|
|
|
|
2013-01-05 09:42:25 +08:00
|
|
|
Those are the components used for storing a User's password, separated by the
|
|
|
|
dollar-sign character and consist of: the hashing algorithm, the number of
|
|
|
|
algorithm iterations (work factor), the random salt, and the resulting password
|
|
|
|
hash. The algorithm is one of a number of one-way hashing or password storage
|
|
|
|
algorithms Django can use; see below. Iterations describe the number of times
|
|
|
|
the algorithm is run over the hash. Salt is the random seed used and the hash
|
|
|
|
is the result of the one-way function.
|
2012-12-29 03:00:11 +08:00
|
|
|
|
|
|
|
By default, Django uses the PBKDF2_ algorithm with a SHA256 hash, a
|
|
|
|
password stretching mechanism recommended by NIST_. This should be
|
|
|
|
sufficient for most users: it's quite secure, requiring massive
|
|
|
|
amounts of computing time to break.
|
|
|
|
|
|
|
|
However, depending on your requirements, you may choose a different
|
|
|
|
algorithm, or even use a custom algorithm to match your specific
|
|
|
|
security situation. Again, most users shouldn't need to do this -- if
|
|
|
|
you're not sure, you probably don't. If you do, please read on:
|
|
|
|
|
2013-01-05 09:42:25 +08:00
|
|
|
Django chooses the algorithm to use by consulting the
|
|
|
|
:setting:`PASSWORD_HASHERS` setting. This is a list of hashing algorithm
|
|
|
|
classes that this Django installation supports. The first entry in this list
|
|
|
|
(that is, ``settings.PASSWORD_HASHERS[0]``) will be used to store passwords,
|
|
|
|
and all the other entries are valid hashers that can be used to check existing
|
|
|
|
passwords. This means that if you want to use a different algorithm, you'll
|
|
|
|
need to modify :setting:`PASSWORD_HASHERS` to list your preferred algorithm
|
|
|
|
first in the list.
|
2012-12-29 03:00:11 +08:00
|
|
|
|
|
|
|
The default for :setting:`PASSWORD_HASHERS` is::
|
|
|
|
|
|
|
|
PASSWORD_HASHERS = (
|
|
|
|
'django.contrib.auth.hashers.PBKDF2PasswordHasher',
|
|
|
|
'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
|
2013-03-26 23:44:26 +08:00
|
|
|
'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
|
2012-12-29 03:00:11 +08:00
|
|
|
'django.contrib.auth.hashers.BCryptPasswordHasher',
|
|
|
|
'django.contrib.auth.hashers.SHA1PasswordHasher',
|
|
|
|
'django.contrib.auth.hashers.MD5PasswordHasher',
|
|
|
|
'django.contrib.auth.hashers.CryptPasswordHasher',
|
|
|
|
)
|
|
|
|
|
|
|
|
This means that Django will use PBKDF2_ to store all passwords, but will support
|
|
|
|
checking passwords stored with PBKDF2SHA1, bcrypt_, SHA1_, etc. The next few
|
|
|
|
sections describe a couple of common ways advanced users may want to modify this
|
|
|
|
setting.
|
|
|
|
|
|
|
|
.. _bcrypt_usage:
|
|
|
|
|
|
|
|
Using bcrypt with Django
|
|
|
|
------------------------
|
|
|
|
|
|
|
|
Bcrypt_ is a popular password storage algorithm that's specifically designed
|
|
|
|
for long-term password storage. It's not the default used by Django since it
|
|
|
|
requires the use of third-party libraries, but since many people may want to
|
|
|
|
use it Django supports bcrypt with minimal effort.
|
|
|
|
|
|
|
|
To use Bcrypt as your default storage algorithm, do the following:
|
|
|
|
|
2014-04-18 02:28:09 +08:00
|
|
|
1. Install the `bcrypt library`_. This can be done by running ``pip install
|
|
|
|
django[bcrypt]``, or by downloading the library and installing it with
|
|
|
|
``python setup.py install``).
|
2012-12-29 03:00:11 +08:00
|
|
|
|
2013-03-26 23:44:26 +08:00
|
|
|
2. Modify :setting:`PASSWORD_HASHERS` to list ``BCryptSHA256PasswordHasher``
|
2012-12-29 03:00:11 +08:00
|
|
|
first. That is, in your settings file, you'd put::
|
|
|
|
|
|
|
|
PASSWORD_HASHERS = (
|
2013-03-26 23:44:26 +08:00
|
|
|
'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
|
2012-12-29 03:00:11 +08:00
|
|
|
'django.contrib.auth.hashers.BCryptPasswordHasher',
|
|
|
|
'django.contrib.auth.hashers.PBKDF2PasswordHasher',
|
|
|
|
'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
|
|
|
|
'django.contrib.auth.hashers.SHA1PasswordHasher',
|
|
|
|
'django.contrib.auth.hashers.MD5PasswordHasher',
|
|
|
|
'django.contrib.auth.hashers.CryptPasswordHasher',
|
|
|
|
)
|
|
|
|
|
|
|
|
(You need to keep the other entries in this list, or else Django won't
|
|
|
|
be able to upgrade passwords; see below).
|
|
|
|
|
|
|
|
That's it -- now your Django install will use Bcrypt as the default storage
|
|
|
|
algorithm.
|
|
|
|
|
2013-03-26 23:44:26 +08:00
|
|
|
.. admonition:: Password truncation with BCryptPasswordHasher
|
|
|
|
|
|
|
|
The designers of bcrypt truncate all passwords at 72 characters which means
|
|
|
|
that ``bcrypt(password_with_100_chars) == bcrypt(password_with_100_chars[:72])``.
|
|
|
|
The original ``BCryptPasswordHasher`` does not have any special handling and
|
|
|
|
thus is also subject to this hidden password length limit.
|
|
|
|
``BCryptSHA256PasswordHasher`` fixes this by first first hashing the
|
|
|
|
password using sha256. This prevents the password truncation and so should
|
|
|
|
be preferred over the ``BCryptPasswordHasher``. The practical ramification
|
|
|
|
of this truncation is pretty marginal as the average user does not have a
|
|
|
|
password greater than 72 characters in length and even being truncated at 72
|
|
|
|
the compute powered required to brute force bcrypt in any useful amount of
|
|
|
|
time is still astronomical. Nonetheless, we recommend you use
|
|
|
|
``BCryptSHA256PasswordHasher`` anyway on the principle of "better safe than
|
2013-03-27 03:26:20 +08:00
|
|
|
sorry".
|
2013-03-26 23:44:26 +08:00
|
|
|
|
2012-12-29 03:00:11 +08:00
|
|
|
.. admonition:: Other bcrypt implementations
|
|
|
|
|
|
|
|
There are several other implementations that allow bcrypt to be
|
|
|
|
used with Django. Django's bcrypt support is NOT directly
|
|
|
|
compatible with these. To upgrade, you will need to modify the
|
2013-03-22 17:50:45 +08:00
|
|
|
hashes in your database to be in the form ``bcrypt$(raw bcrypt
|
|
|
|
output)``. For example:
|
|
|
|
``bcrypt$$2a$12$NT0I31Sa7ihGEWpka9ASYrEFkhuTNeBQ2xfZskIiiJeyFXhRgS.Sy``.
|
2012-12-29 03:00:11 +08:00
|
|
|
|
2013-10-18 21:09:56 +08:00
|
|
|
.. _increasing-password-algorithm-work-factor:
|
|
|
|
|
2012-12-29 03:00:11 +08:00
|
|
|
Increasing the work factor
|
|
|
|
--------------------------
|
|
|
|
|
|
|
|
The PBKDF2 and bcrypt algorithms use a number of iterations or rounds of
|
|
|
|
hashing. This deliberately slows down attackers, making attacks against hashed
|
|
|
|
passwords harder. However, as computing power increases, the number of
|
|
|
|
iterations needs to be increased. We've chosen a reasonable default (and will
|
|
|
|
increase it with each release of Django), but you may wish to tune it up or
|
|
|
|
down, depending on your security needs and available processing power. To do so,
|
|
|
|
you'll subclass the appropriate algorithm and override the ``iterations``
|
|
|
|
parameters. For example, to increase the number of iterations used by the
|
|
|
|
default PBKDF2 algorithm:
|
|
|
|
|
|
|
|
1. Create a subclass of ``django.contrib.auth.hashers.PBKDF2PasswordHasher``::
|
|
|
|
|
|
|
|
from django.contrib.auth.hashers import PBKDF2PasswordHasher
|
|
|
|
|
|
|
|
class MyPBKDF2PasswordHasher(PBKDF2PasswordHasher):
|
|
|
|
"""
|
|
|
|
A subclass of PBKDF2PasswordHasher that uses 100 times more iterations.
|
|
|
|
"""
|
|
|
|
iterations = PBKDF2PasswordHasher.iterations * 100
|
|
|
|
|
|
|
|
Save this somewhere in your project. For example, you might put this in
|
|
|
|
a file like ``myproject/hashers.py``.
|
|
|
|
|
|
|
|
2. Add your new hasher as the first entry in :setting:`PASSWORD_HASHERS`::
|
|
|
|
|
|
|
|
PASSWORD_HASHERS = (
|
|
|
|
'myproject.hashers.MyPBKDF2PasswordHasher',
|
|
|
|
'django.contrib.auth.hashers.PBKDF2PasswordHasher',
|
|
|
|
'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
|
2013-03-26 23:44:26 +08:00
|
|
|
'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
|
2012-12-29 03:00:11 +08:00
|
|
|
'django.contrib.auth.hashers.BCryptPasswordHasher',
|
|
|
|
'django.contrib.auth.hashers.SHA1PasswordHasher',
|
|
|
|
'django.contrib.auth.hashers.MD5PasswordHasher',
|
|
|
|
'django.contrib.auth.hashers.CryptPasswordHasher',
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
That's it -- now your Django install will use more iterations when it
|
|
|
|
stores passwords using PBKDF2.
|
|
|
|
|
2013-10-18 21:09:56 +08:00
|
|
|
.. _password-upgrades:
|
|
|
|
|
2012-12-29 03:00:11 +08:00
|
|
|
Password upgrading
|
|
|
|
------------------
|
|
|
|
|
|
|
|
When users log in, if their passwords are stored with anything other than
|
|
|
|
the preferred algorithm, Django will automatically upgrade the algorithm
|
|
|
|
to the preferred one. This means that old installs of Django will get
|
|
|
|
automatically more secure as users log in, and it also means that you
|
|
|
|
can switch to new (and better) storage algorithms as they get invented.
|
|
|
|
|
|
|
|
However, Django can only upgrade passwords that use algorithms mentioned in
|
|
|
|
:setting:`PASSWORD_HASHERS`, so as you upgrade to new systems you should make
|
2014-03-01 00:44:03 +08:00
|
|
|
sure never to *remove* entries from this list. If you do, users using
|
2014-03-24 23:42:56 +08:00
|
|
|
unmentioned algorithms won't be able to upgrade. Passwords will be upgraded
|
|
|
|
when changing the PBKDF2 iteration count.
|
2013-10-18 21:09:56 +08:00
|
|
|
|
2012-12-29 03:00:11 +08:00
|
|
|
.. _sha1: http://en.wikipedia.org/wiki/SHA1
|
|
|
|
.. _pbkdf2: http://en.wikipedia.org/wiki/PBKDF2
|
|
|
|
.. _nist: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf
|
|
|
|
.. _bcrypt: http://en.wikipedia.org/wiki/Bcrypt
|
2013-05-14 11:39:50 +08:00
|
|
|
.. _`bcrypt library`: https://pypi.python.org/pypi/bcrypt/
|
2012-12-29 03:00:11 +08:00
|
|
|
|
|
|
|
|
|
|
|
Manually managing a user's password
|
|
|
|
===================================
|
|
|
|
|
|
|
|
.. module:: django.contrib.auth.hashers
|
|
|
|
|
2013-01-01 21:12:42 +08:00
|
|
|
The :mod:`django.contrib.auth.hashers` module provides a set of functions
|
|
|
|
to create and validate hashed password. You can use them independently
|
|
|
|
from the ``User`` model.
|
2012-12-29 03:00:11 +08:00
|
|
|
|
|
|
|
.. function:: check_password(password, encoded)
|
|
|
|
|
|
|
|
If you'd like to manually authenticate a user by comparing a plain-text
|
|
|
|
password to the hashed password in the database, use the convenience
|
2013-01-01 21:12:42 +08:00
|
|
|
function :func:`check_password`. It takes two arguments: the plain-text
|
|
|
|
password to check, and the full value of a user's ``password`` field in the
|
|
|
|
database to check against, and returns ``True`` if they match, ``False``
|
|
|
|
otherwise.
|
2012-12-29 03:00:11 +08:00
|
|
|
|
|
|
|
.. function:: make_password(password[, salt, hashers])
|
|
|
|
|
|
|
|
Creates a hashed password in the format used by this application. It takes
|
|
|
|
one mandatory argument: the password in plain-text. Optionally, you can
|
|
|
|
provide a salt and a hashing algorithm to use, if you don't want to use the
|
|
|
|
defaults (first entry of ``PASSWORD_HASHERS`` setting).
|
|
|
|
Currently supported algorithms are: ``'pbkdf2_sha256'``, ``'pbkdf2_sha1'``,
|
2013-03-26 23:44:26 +08:00
|
|
|
``'bcrypt_sha256'`` (see :ref:`bcrypt_usage`), ``'bcrypt'``, ``'sha1'``,
|
|
|
|
``'md5'``, ``'unsalted_md5'`` (only for backward compatibility) and ``'crypt'``
|
2012-12-29 03:00:11 +08:00
|
|
|
if you have the ``crypt`` library installed. If the password argument is
|
|
|
|
``None``, an unusable password is returned (a one that will be never
|
2013-01-01 21:12:42 +08:00
|
|
|
accepted by :func:`check_password`).
|
2012-12-29 03:00:11 +08:00
|
|
|
|
|
|
|
.. function:: is_password_usable(encoded_password)
|
|
|
|
|
|
|
|
Checks if the given string is a hashed password that has a chance
|
2013-01-01 21:12:42 +08:00
|
|
|
of being verified against :func:`check_password`.
|