Added documentation for r17418. Refs #17481.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17513 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
1c9c29b5b2
commit
61fe50fdd6
|
@ -115,6 +115,21 @@ details, see :ref:`auth_password_storage`.
|
|||
.. _nist: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf
|
||||
.. _bcrypt: http://en.wikipedia.org/wiki/Bcrypt
|
||||
|
||||
.. warning::
|
||||
|
||||
Django 1.4 alpha contained a bug that corrupted PBKDF2 hashes. To
|
||||
determine which accounts are affected, run :djadmin:`manage.py shell
|
||||
<shell>` and paste this snippet::
|
||||
|
||||
from base64 import b64decode
|
||||
from django.contrib.auth.models import User
|
||||
hash_len = {'pbkdf2_sha1': 20, 'pbkdf2_sha256': 32}
|
||||
for user in User.objects.filter(password__startswith='pbkdf2_'):
|
||||
algo, _, _, hash = user.password.split('$')
|
||||
if len(b64decode(hash)) != hash_len[algo]:
|
||||
print user
|
||||
|
||||
These users should reset their passwords.
|
||||
|
||||
HTML5 Doctype
|
||||
~~~~~~~~~~~~~
|
||||
|
|
Loading…
Reference in New Issue