Re: [Django] #24115: Bcrypt hashers don't implement must_update

Sun, 11 Jan 2015 13:27:25 -0800 

#24115: Bcrypt hashers don't implement must_update
-------------------------------+--------------------------------------
     Reporter:  cancan101      |                    Owner:  nobody
         Type:  Bug            |                   Status:  new
    Component:  Uncategorized  |                  Version:  master
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Unreviewed
    Has patch:  0              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  0
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+--------------------------------------
Description changed by cancan101:

Old description:

> If the number of rounds is changed for the
> [https://github.com/django/django/blob/5dddd79433ceb88ab67d9851b49a44ce5b8f509c/django/contrib/auth/hashers.py#L273
> bcrypt hashers] it does not appear that the must_update will never return
> True. This is because the
> [https://github.com/django/django/blob/5dddd79433ceb88ab67d9851b49a44ce5b8f509c/django/contrib/auth/hashers.py#L216
> default implementation is used].
>
> For comparison, see
> [https://pythonhosted.org/passlib/lib/passlib.context.html#hash-migration
> passlib] which does in fact perform migrations for bcrypt.

New description:

 If the number of rounds is changed for the
 
[https://github.com/django/django/blob/5dddd79433ceb88ab67d9851b49a44ce5b8f509c/django/contrib/auth/hashers.py#L273
 bcrypt hashers] it does not appear that the must_update will ever return
 True. This is because the
 
[https://github.com/django/django/blob/5dddd79433ceb88ab67d9851b49a44ce5b8f509c/django/contrib/auth/hashers.py#L216
 default implementation is used].

 For comparison, see
 [https://pythonhosted.org/passlib/lib/passlib.context.html#hash-migration
 passlib] which does in fact perform migrations for bcrypt.

--

--
Ticket URL: <https://code.djangoproject.com/ticket/24115#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/067.b7ecdb42c1be793167cfff3830bd75b7%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to