From 28b70425afb2fb8bcbec09d249e37fa786f8a155 Mon Sep 17 00:00:00 2001 From: Tim Graham Date: Fri, 18 Oct 2013 09:09:56 -0400 Subject: [PATCH] Added docs for the hasher's iteration count changes. --- docs/releases/1.6.txt | 3 ++- docs/topics/auth/passwords.txt | 8 ++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/docs/releases/1.6.txt b/docs/releases/1.6.txt index 1c184ea170..651938ea7c 100644 --- a/docs/releases/1.6.txt +++ b/docs/releases/1.6.txt @@ -369,7 +369,8 @@ Minor features increased by 20%. This backwards compatible change will not affect existing passwords or users who have subclassed ``django.contrib.auth.hashers.PBKDF2PasswordHasher`` to change the - default value. + default value. Passwords :ref:`will be upgraded ` to use + the new iteration count as necessary. Backwards incompatible changes in 1.6 ===================================== diff --git a/docs/topics/auth/passwords.txt b/docs/topics/auth/passwords.txt index 7e4b59a99c..12b11822e1 100644 --- a/docs/topics/auth/passwords.txt +++ b/docs/topics/auth/passwords.txt @@ -124,6 +124,8 @@ algorithm. output)``. For example: ``bcrypt$$2a$12$NT0I31Sa7ihGEWpka9ASYrEFkhuTNeBQ2xfZskIiiJeyFXhRgS.Sy``. +.. _increasing-password-algorithm-work-factor: + Increasing the work factor -------------------------- @@ -167,6 +169,8 @@ default PBKDF2 algorithm: That's it -- now your Django install will use more iterations when it stores passwords using PBKDF2. +.. _password-upgrades: + Password upgrading ------------------ @@ -181,6 +185,10 @@ However, Django can only upgrade passwords that use algorithms mentioned in sure never to *remove* entries from this list. If you do, users using un- mentioned algorithms won't be able to upgrade. +.. versionadded:: 1.6 + + Passwords will be upgraded when changing the PBKDF2 iteration count. + .. _sha1: http://en.wikipedia.org/wiki/SHA1 .. _pbkdf2: http://en.wikipedia.org/wiki/PBKDF2 .. _nist: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf