Russ, Carl, thanks for your feedback. Russ, I understand what you say about not wanting to adopt crypto code because of the additional responsibility. Unfortunately, there aren't very good options. Django contrib.auth already makes the recommendation of SHA1 which we all agree is less than ideal. There is simply no acceptable choice in the python standard library. I also agree with Carl that PBKDF2 is probably the most conservative option that qualifies as sufficient.
It seems like the canonical implementation of PBKDF2 in python is Dwayne Litzenberger's. I think it is simple enough to audit for flaws and stable enough not to cause too much trouble maintaining:

http://www.dlitz.net/software/python-pbkdf2/
http://ftp.dlitz.net/pub/dlitz/crypto/pkcs5-pbkdf2/1.2/PBKDF2.py
http://en.wikipedia.org/wiki/PBKDF2

I understand that everyone has their hands full with the 1.3 release so I've gone ahead and opened a new ticket to track contributions to this issue off-list. Anyone interested can track contributions there:

http://code.djangoproject.com/ticket/15367

Perhaps once the authentication methods are decoupled from the User object as you plan, it becomes sufficiently easy for third party libraries to replace the hashing algorithm. If that happens, then this default hashing can be ported to that technique. I do think it is important to make it "easy enough" for a developer to upgrade to a different library of choice. For now though, I'm ok with working on a conservative (but improved) default for Django 1.4.

-Paul
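The PBKDF2 derivation the thread settles on, written out from RFC 2898 as an added example (this is not Dwayne Litzenberger's module and not Django's code). The "pbkdf2_sha1$iterations$salt$hash" storage string, the function names and the sample password are assumptions made for the example; the RFC 6070 test vectors, and the cross-check against hashlib.pbkdf2_hmac that Python 3.4 later added to the standard library, are what confirm the derivation is correct.

```python
import hashlib
import hmac
import os
import struct


def pbkdf2(password: bytes, salt: bytes, iterations: int, dklen: int, digest=hashlib.sha1) -> bytes:
    """PBKDF2 per RFC 2898 section 5.2, with PRF = HMAC-<digest>."""
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    hlen = digest().digest_size
    prf = lambda data: hmac.new(password, data, digest).digest()
    blocks = []
    # l = ceil(dkLen / hLen) blocks of hLen bytes are needed; the last one is truncated.
    for i in range(1, -(-dklen // hlen) + 1):
        u = prf(salt + struct.pack(">I", i))          # U_1 = PRF(P, S || INT(i)), big-endian i
        t = bytearray(u)
        for _ in range(iterations - 1):
            u = prf(u)                                 # U_j = PRF(P, U_{j-1})
            t = bytearray(a ^ b for a, b in zip(t, u))  # T_i = U_1 xor U_2 xor ... xor U_c
        blocks.append(bytes(t))
    return b"".join(blocks)[:dklen]


def make_password(password: str, iterations: int = 10000, salt: bytes = None) -> str:
    """Encode as 'pbkdf2_sha1$iterations$salt_hex$dk_hex' (a constructed format for this example)."""
    salt = salt if salt is not None else os.urandom(16)   # fresh random salt per password
    dk = pbkdf2(password.encode("utf-8"), salt, iterations, 20)
    return "pbkdf2_sha1$%d$%s$%s" % (iterations, salt.hex(), dk.hex())


def check_password(password: str, encoded: str) -> bool:
    """Re-derive with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, dk_hex = encoded.split("$")
    if algo != "pbkdf2_sha1":
        return False
    dk = pbkdf2(password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations), len(dk_hex) // 2)
    return hmac.compare_digest(dk.hex(), dk_hex)


def same_as_stdlib(password: bytes, salt: bytes, iterations: int, dklen: int) -> bool:
    """Cross-check this implementation against hashlib.pbkdf2_hmac (Python 3.4+)."""
    return pbkdf2(password, salt, iterations, dklen) == hashlib.pbkdf2_hmac("sha1", password, salt, iterations, dklen)
```

Because the iteration count is stored alongside the hash, an existing entry can be re-hashed at a higher count on the user's next successful login without a separate migration.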