On Sep 10, 5:54 am, Paul McMillan <p...@mcmillan.ws> wrote:
>
> The default password hashing algorithm will be changed to PBKDF2.
> We'll include a pure python implementation, but preferably load faster
> versions if available at the system level.
>
Having recently written a Python implementation of PBKDF2 myself, I'd just like to quietly point out that it is not a hashing algorithm. It is a Key Derivation Function. That is, it's a way of generating key material for crypto functions, from a password source. PBKDF2 makes use of a hashing algorithm (SHA1 by default), and repeatedly hashes a password plus salt to effectively "stretch" the number of bits in a password, and generate longer keys for crypto algorithms such as AES. The greater the number of rounds of hashing, the more the original password is "stretched", costing an attacker more computing time in the process.
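
An added example, not part of the original message and not Django's code: a pure-Python PBKDF2 following RFC 2898 with HMAC-SHA1 as the PRF, showing how the block counter and the round count turn a password plus salt into a 32-byte key, which is longer than SHA-1's 20-byte output. The function names, password, salt and round count are assumptions made up for the illustration.

```python
import hashlib
import hmac
import struct


def pbkdf2(password: bytes, salt: bytes, rounds: int, dklen: int,
           digest: str = "sha1") -> bytes:
    """PBKDF2 (RFC 2898, section 5.2) with HMAC-<digest> as the PRF."""
    if rounds < 1 or dklen < 1:
        raise ValueError("rounds and dklen must be positive")
    keyed = hmac.new(password, digestmod=digest)  # key the HMAC once, copy per call
    hlen = keyed.digest_size

    def prf(data: bytes) -> bytes:
        h = keyed.copy()
        h.update(data)
        return h.digest()

    def block(index: int) -> bytes:
        # U_1 = PRF(P, S || INT(i)); U_j = PRF(P, U_{j-1}); T_i = U_1 ^ ... ^ U_c
        u = prf(salt + struct.pack(">I", index))
        t = int.from_bytes(u, "big")
        for _ in range(rounds - 1):
            u = prf(u)
            t ^= int.from_bytes(u, "big")
        return t.to_bytes(hlen, "big")

    nblocks = -(-dklen // hlen)  # ceiling division
    return b"".join(block(i) for i in range(1, nblocks + 1))[:dklen]


def derive_aes256_key(password: str, salt: bytes, rounds: int) -> bytes:
    """Stretch a password into 32 bytes of key material (two SHA-1 blocks)."""
    return pbkdf2(password.encode("utf-8"), salt, rounds, 32)


if __name__ == "__main__":
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample salt
    key = derive_aes256_key("correct horse battery staple", salt, 10_000)
    # Cross-check against the standard library's implementation.
    assert key == hashlib.pbkdf2_hmac(
        "sha1", b"correct horse battery staple", salt, 10_000, 32)
    print(key.hex())
```

Each extra round adds one HMAC call per output block, for the legitimate user and for anyone guessing passwords alike.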