I'm not sure if we can keep support for unsalted hashes while removing the special logic in identify_hasher() for those hashers since they don't confirm to Django's normal hash format? https://github.com/django/django/pull/6082/files#diff-2f01db46550174ad3e55be7070b98ec9
I guess a use case where you are integrating with a legacy system that doesn't allow upgrading of passwords wouldn't allow the "wrapping hashers" technique. On Friday, February 5, 2016 at 9:38:23 AM UTC-5, Donald Stufft wrote: > > > > > On Feb 5, 2016, at 7:05 AM, Rafał Pitoń <rafio...@gmail.com > <javascript:>> wrote: > > > > Will I still be able to implement unsalted hasher if I so desire? > > > > Don't get me wrong, I understand thats pretty crappy way to store > password, but there are times when you inherit large set of data from site > that you are moving from some old PHP contraption that happens to be around > since 2006, is big (>1000000 users), ran by company that dominates one of > nation's markets and says "absolutely no" on making all those housewifes > reset passwords, and your passwords happen to use md5(md5(pass) + > md5(pass)) for passwords? > > > You can implement them still sure, there’s nothing stopping you. > > > You can also do bcrypt(md5(md5(pass) + md5(pass)) and then you’ve fixed > the issue without needing to issue a password reset. > > ----------------- > Donald Stufft > PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 > DCFA > > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/b3575cfa-ad79-42b0-9336-8f5bf31a6e55%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
