Merge pull request #1062 from dstufft/switch-bcrypt-recommendations

Recommend using the bcrypt library instead of py-bcrypt
2013-05-14 16:20:32 -07:00 · 2013-05-14 16:20:32 -07:00 · c792c83cad
parent 8035533557 8f0a4665d6
commit c792c83cad
3 changed files with 8 additions and 8 deletions
--- a/django/contrib/auth/hashers.py
+++ b/django/contrib/auth/hashers.py
@ -263,13 +263,13 @@ class BCryptSHA256PasswordHasher(BasePasswordHasher):
    Secure password hashing using the bcrypt algorithm (recommended)

    This is considered by many to be the most secure algorithm but you
-    must first install the py-bcrypt library.  Please be warned that
+    must first install the bcrypt library.  Please be warned that
    this library depends on native C code and might cause portability
    issues.
    """
    algorithm = "bcrypt_sha256"
    digest = hashlib.sha256
-    library = ("py-bcrypt", "bcrypt")
+    library = ("bcrypt", "bcrypt")
    rounds = 12

    def salt(self):
@ -329,7 +329,7 @@ class BCryptPasswordHasher(BCryptSHA256PasswordHasher):
    Secure password hashing using the bcrypt algorithm

    This is considered by many to be the most secure algorithm but you
-    must first install the py-bcrypt library.  Please be warned that
+    must first install the bcrypt library.  Please be warned that
    this library depends on native C code and might cause portability
    issues.

--- a/django/contrib/auth/tests/test_hashers.py
+++ b/django/contrib/auth/tests/test_hashers.py
@ -92,7 +92,7 @@ class TestUtilsHashPass(unittest.TestCase):
        self.assertFalse(check_password('lètmeiz', encoded))
        self.assertEqual(identify_hasher(encoded).algorithm, "crypt")

-    @skipUnless(bcrypt, "py-bcrypt not installed")
+    @skipUnless(bcrypt, "bcrypt not installed")
    def test_bcrypt_sha256(self):
        encoded = make_password('lètmein', hasher='bcrypt_sha256')
        self.assertTrue(is_password_usable(encoded))
@ -108,7 +108,7 @@ class TestUtilsHashPass(unittest.TestCase):
        self.assertTrue(check_password(password, encoded))
        self.assertFalse(check_password(password[:72], encoded))

-    @skipUnless(bcrypt, "py-bcrypt not installed")
+    @skipUnless(bcrypt, "bcrypt not installed")
    def test_bcrypt(self):
        encoded = make_password('lètmein', hasher='bcrypt')
        self.assertTrue(is_password_usable(encoded))
--- a/docs/topics/auth/passwords.txt
+++ b/docs/topics/auth/passwords.txt
@ -76,8 +76,8 @@ use it Django supports bcrypt with minimal effort.

 To use Bcrypt as your default storage algorithm, do the following:

-1. Install the `py-bcrypt`_ library (probably by running ``sudo pip install
-   py-bcrypt``, or downloading the library and installing it with ``python
+1. Install the `bcrypt library`_ (probably by running ``sudo pip install
+   bcrypt``, or downloading the library and installing it with ``python
   setup.py install``).

 2. Modify :setting:`PASSWORD_HASHERS` to list ``BCryptSHA256PasswordHasher``
@ -185,7 +185,7 @@ mentioned algorithms won't be able to upgrade.
 .. _pbkdf2: http://en.wikipedia.org/wiki/PBKDF2
 .. _nist: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf
 .. _bcrypt: http://en.wikipedia.org/wiki/Bcrypt
-.. _py-bcrypt: http://pypi.python.org/pypi/py-bcrypt/
+.. _`bcrypt library`: https://pypi.python.org/pypi/bcrypt/


 Manually managing a user's password