Refs #24115 -- Added docs for password updates on bcrypt rounds change.

This commit is contained in:
Tim Graham 2015-09-22 19:30:31 -04:00
parent 134ca4d438
commit cb1e779ceb
1 changed files with 7 additions and 3 deletions

View File

@ -191,8 +191,13 @@ can switch to new (and better) storage algorithms as they get invented.
However, Django can only upgrade passwords that use algorithms mentioned in However, Django can only upgrade passwords that use algorithms mentioned in
:setting:`PASSWORD_HASHERS`, so as you upgrade to new systems you should make :setting:`PASSWORD_HASHERS`, so as you upgrade to new systems you should make
sure never to *remove* entries from this list. If you do, users using sure never to *remove* entries from this list. If you do, users using
unmentioned algorithms won't be able to upgrade. Passwords will be upgraded unmentioned algorithms won't be able to upgrade. Hashed passwords will be
when changing the PBKDF2 iteration count. updated when increasing (or decreasing) the number of PBKDF2 iterations or
bcrypt rounds.
.. versionchanged:: 1.9
Passwords updates when changing the number of bcrypt rounds was added.
.. _sha1: https://en.wikipedia.org/wiki/SHA1 .. _sha1: https://en.wikipedia.org/wiki/SHA1
.. _pbkdf2: https://en.wikipedia.org/wiki/PBKDF2 .. _pbkdf2: https://en.wikipedia.org/wiki/PBKDF2
@ -200,7 +205,6 @@ when changing the PBKDF2 iteration count.
.. _bcrypt: https://en.wikipedia.org/wiki/Bcrypt .. _bcrypt: https://en.wikipedia.org/wiki/Bcrypt
.. _`bcrypt library`: https://pypi.python.org/pypi/bcrypt/ .. _`bcrypt library`: https://pypi.python.org/pypi/bcrypt/
Manually managing a user's password Manually managing a user's password
=================================== ===================================