Added password hashing improvements to 1.4 alpha 1 release notes.

git-svn-id: bcc190cf-cafb-0310-a4f2-bffc1f526a37
1 parent d49fd62 commit 2d1a681f77259e9652c357a634920d7f8f1ecd97 @PaulMcMillan PaulMcMillan committed Dec 23, 2011
Showing with 17 additions and 0 deletions.
  1. +17 −0 docs/releases/1.4-alpha-1.txt
@@ -99,6 +99,23 @@ allows you to fix a very common performance problem in which your code ends up
doing O(n) database queries (or worse) if objects on your primary ``QuerySet``
each have many related objects that you also need.
+Improved password hashing
+Django's auth system (``django.contrib.auth``) stores passwords using a one-way
+algorithm. Django 1.3 uses the SHA1_ algorithm, but increasing processor speeds
+and theoretical attacks have revealed that SHA1 isn't as secure as we'd like.
+Thus, Django 1.4 introduces a new password storage system: by default Django now
+uses the PBKDF2_ algorithm (as recommended by NIST_). You can also easily choose
+a different algorithm (including the popular bcrypt_ algorithm). For more
+details, see :ref:`auth_password_storage`.
+.. _sha1:
+.. _pbkdf2:
+.. _nist:
+.. _bcrypt:
HTML5 Doctype
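
Review bot: The four link targets at the end of the added block (".. _sha1:", ".. _pbkdf2:", ".. _nist:", ".. _bcrypt:") carry no URLs as shown here, so the SHA1_, PBKDF2_, NIST_ and bcrypt_ references in the paragraph have nothing external to resolve to; reStructuredText chains empty targets onto whatever follows, which here is the "HTML5 Doctype" section. Each target needs its URL on the same line. The "Improved password hashing" title also shows no underline, unlike a section heading, so please check that it renders as one. On the text itself, the paragraph says the default moves from SHA1 to PBKDF2 but not what happens to password hashes already stored by a 1.3 site; a sentence on that, or an explicit pointer to where :ref:`auth_password_storage` covers it, would answer the first question anyone upgrading will have.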
