#24115: Bcrypt hashers don't implement must_update -------------------------------+-------------------------------------- Reporter: cancan101 | Owner: nobody Type: Bug | Status: new Component: Uncategorized | Version: master Severity: Normal | Resolution: Keywords: | Triage Stage: Unreviewed Has patch: 0 | Needs documentation: 0 Needs tests: 0 | Patch needs improvement: 0 Easy pickings: 0 | UI/UX: 0 -------------------------------+-------------------------------------- Description changed by cancan101:
Old description: > If the number of rounds is changed for the > [https://github.com/django/django/blob/5dddd79433ceb88ab67d9851b49a44ce5b8f509c/django/contrib/auth/hashers.py#L273 > bcrypt hashers] it does not appear that the must_update will never return > True. This is because the > [https://github.com/django/django/blob/5dddd79433ceb88ab67d9851b49a44ce5b8f509c/django/contrib/auth/hashers.py#L216 > default implementation is used]. > > For comparison, see > [https://pythonhosted.org/passlib/lib/passlib.context.html#hash-migration > passlib] which does in fact perform migrations for bcrypt. New description: If the number of rounds is changed for the [https://github.com/django/django/blob/5dddd79433ceb88ab67d9851b49a44ce5b8f509c/django/contrib/auth/hashers.py#L273 bcrypt hashers] it does not appear that the must_update will ever return True. This is because the [https://github.com/django/django/blob/5dddd79433ceb88ab67d9851b49a44ce5b8f509c/django/contrib/auth/hashers.py#L216 default implementation is used]. For comparison, see [https://pythonhosted.org/passlib/lib/passlib.context.html#hash-migration passlib] which does in fact perform migrations for bcrypt. -- -- Ticket URL: <https://code.djangoproject.com/ticket/24115#comment:2> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To post to this group, send email to django-updates@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/067.b7ecdb42c1be793167cfff3830bd75b7%40djangoproject.com. For more options, visit https://groups.google.com/d/optout.