Re: Improved password hashing for 1.4

2011-09-11 Thread Daniel Swarbrick
On Sep 12, 2:58 am, Jacob Kaplan-Moss wrote: > > If you're going to let Paul look at your work, please make sure you've > read and signed a CLA (https://www.djangoproject.com/foundation/cla/) > covering the code in question. Jacob, you're absolutely right, and I should really

Re: Improved password hashing for 1.4

2011-09-11 Thread Jacob Kaplan-Moss
On Sun, Sep 11, 2011 at 6:11 PM, Daniel Swarbrick wrote: > License? What license? Heheh... my PBKDF2 implementation is solely > being used by an in-house Django app. I haven't open sourced it, but > am perfectly willing to let you guys pick over the PBKDF2 class and >

Re: Improved password hashing for 1.4

2011-09-11 Thread Daniel Swarbrick
On Sep 10, 11:36 pm, Paul McMillan wrote: > Yes, you're absolutely right. My choice of words was incorrect. Is > your python implementation licensed in such a way that we could > consider including it in Django? We've looked at a couple > implementations now, having another

Re: Improved password hashing for 1.4

2011-09-10 Thread Paul McMillan
> Having recently written a Python implementation of PBKDF2 myself, I'd > just like to quietly point out that it is not a hashing algorithm. It > is a Key Derivation Function. That is, it's a way of generating key > material for crypto functions, from a password source. Yes, you're absolutely

Re: Improved password hashing for 1.4

2011-09-10 Thread Russell Keith-Magee
On Sat, Sep 10, 2011 at 11:54 AM, Paul McMillan wrote: > In conjunction with Justine Tunney, Isaac Kelly and Russell KM, I'd > like to introduce our plan of attack for including significantly > better password hashing in Django 1.4. One of the key goals with this > push is to

Re: Improved password hashing for 1.4

2011-09-10 Thread Daniel Swarbrick
On Sep 10, 5:54 am, Paul McMillan wrote: > > The default password hashing algorithm will be changed to PBKDF2. > We'll include a pure python implementation, but preferably load faster > versions if available at the system level. > Having recently written a Python implementation

Re: Improved password hashing for 1.4

2011-09-09 Thread Carl Meyer
On 09/09/2011 09:54 PM, Paul McMillan wrote: > In conjunction with Justine Tunney, Isaac Kelly and Russell KM, I'd > like to introduce our plan of attack for including significantly > better password hashing in Django 1.4. One of the key goals with

Improved password hashing for 1.4

2011-09-09 Thread Paul McMillan
In conjunction with Justine Tunney, Isaac Kelly and Russell KM, I'd like to introduce our plan of attack for including significantly better password hashing in Django 1.4. One of the key goals with this push is to include just enough functionality that we can improve this particular aspect of