[1.6.x] Added docs for the hasher's iteration count changes.

Backport of 28b70425af from master.
This commit is contained in:
Tim Graham 2013-10-18 09:09:56 -04:00 committed by Florian Apolloner
parent 823951ec55
commit 86373dc63e
2 changed files with 10 additions and 1 deletions

View File

@ -369,7 +369,8 @@ Minor features
increased by 20%. This backwards compatible change will not affect
existing passwords or users who have subclassed
``django.contrib.auth.hashers.PBKDF2PasswordHasher`` to change the
default value.
default value. Passwords :ref:`will be upgraded <password-upgrades>` to use
the new iteration count as necessary.
Backwards incompatible changes in 1.6
=====================================

View File

@ -124,6 +124,8 @@ algorithm.
output)``. For example:
``bcrypt$$2a$12$NT0I31Sa7ihGEWpka9ASYrEFkhuTNeBQ2xfZskIiiJeyFXhRgS.Sy``.
.. _increasing-password-algorithm-work-factor:
Increasing the work factor
--------------------------
@ -167,6 +169,8 @@ default PBKDF2 algorithm:
That's it -- now your Django install will use more iterations when it
stores passwords using PBKDF2.
.. _password-upgrades:
Password upgrading
------------------
@ -181,6 +185,10 @@ However, Django can only upgrade passwords that use algorithms mentioned in
sure never to *remove* entries from this list. If you do, users using un-
mentioned algorithms won't be able to upgrade.
.. versionadded:: 1.6
Passwords will be upgraded when changing the PBKDF2 iteration count.
.. _sha1: http://en.wikipedia.org/wiki/SHA1
.. _pbkdf2: http://en.wikipedia.org/wiki/PBKDF2
.. _nist: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf