Added documentation for r17418. Refs #17481.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17513 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Aymeric Augustin 2012-02-12 14:29:30 +00:00
parent 1c9c29b5b2
commit 61fe50fdd6
1 changed files with 16 additions and 1 deletions

View File

@ -115,6 +115,21 @@ details, see :ref:`auth_password_storage`.
.. _nist: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf .. _nist: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf
.. _bcrypt: http://en.wikipedia.org/wiki/Bcrypt .. _bcrypt: http://en.wikipedia.org/wiki/Bcrypt
.. warning::
Django 1.4 alpha contained a bug that corrupted PBKDF2 hashes. To
determine which accounts are affected, run :djadmin:`manage.py shell
<shell>` and paste this snippet::
from base64 import b64decode
from django.contrib.auth.models import User
hash_len = {'pbkdf2_sha1': 20, 'pbkdf2_sha256': 32}
for user in User.objects.filter(password__startswith='pbkdf2_'):
algo, _, _, hash = user.password.split('$')
if len(b64decode(hash)) != hash_len[algo]:
print user
These users should reset their passwords.
HTML5 Doctype HTML5 Doctype
~~~~~~~~~~~~~ ~~~~~~~~~~~~~