mirror of https://github.com/django/django.git
Added documentation for r17418. Refs #17481.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17513 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
1c9c29b5b2
commit
61fe50fdd6
|
@ -115,6 +115,21 @@ details, see :ref:`auth_password_storage`.
|
||||||
.. _nist: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf
|
.. _nist: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf
|
||||||
.. _bcrypt: http://en.wikipedia.org/wiki/Bcrypt
|
.. _bcrypt: http://en.wikipedia.org/wiki/Bcrypt
|
||||||
|
|
||||||
|
.. warning::
|
||||||
|
|
||||||
|
Django 1.4 alpha contained a bug that corrupted PBKDF2 hashes. To
|
||||||
|
determine which accounts are affected, run :djadmin:`manage.py shell
|
||||||
|
<shell>` and paste this snippet::
|
||||||
|
|
||||||
|
from base64 import b64decode
|
||||||
|
from django.contrib.auth.models import User
|
||||||
|
hash_len = {'pbkdf2_sha1': 20, 'pbkdf2_sha256': 32}
|
||||||
|
for user in User.objects.filter(password__startswith='pbkdf2_'):
|
||||||
|
algo, _, _, hash = user.password.split('$')
|
||||||
|
if len(b64decode(hash)) != hash_len[algo]:
|
||||||
|
print user
|
||||||
|
|
||||||
|
These users should reset their passwords.
|
||||||
|
|
||||||
HTML5 Doctype
|
HTML5 Doctype
|
||||||
~~~~~~~~~~~~~
|
~~~~~~~~~~~~~
|
||||||
|
|
Loading…
Reference in New Issue