Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Added documentation for r17418. Refs #17481.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17513 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 61fe50fdd6c74e03c365606d3270e831e81a1e4b 1 parent 1c9c29b
Aymeric Augustin authored February 12, 2012

Showing 1 changed file with 16 additions and 1 deletion. Show diff stats Hide diff stats

  1. 17  docs/releases/1.4-beta-1.txt
17  docs/releases/1.4-beta-1.txt
@@ -115,6 +115,21 @@ details, see :ref:`auth_password_storage`.
115 115
 .. _nist: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf
116 116
 .. _bcrypt: http://en.wikipedia.org/wiki/Bcrypt
117 117
 
  118
+.. warning::
  119
+
  120
+    Django 1.4 alpha contained a bug that corrupted PBKDF2 hashes. To
  121
+    determine which accounts are affected, run :djadmin:`manage.py shell
  122
+    <shell>` and paste this snippet::
  123
+
  124
+        from base64 import b64decode
  125
+        from django.contrib.auth.models import User
  126
+        hash_len = {'pbkdf2_sha1': 20, 'pbkdf2_sha256': 32}
  127
+        for user in User.objects.filter(password__startswith='pbkdf2_'):
  128
+            algo, _, _, hash = user.password.split('$')
  129
+            if len(b64decode(hash)) != hash_len[algo]:
  130
+                print user
  131
+
  132
+    These users should reset their passwords.
118 133
 
119 134
 HTML5 Doctype
120 135
 ~~~~~~~~~~~~~
@@ -557,7 +572,7 @@ Django 1.4 also includes several smaller improvements worth noting:
557 572
 
558 573
 * New phrases added to ``HIDDEN_SETTINGS`` regex in `django/views/debug.py`_.
559 574
 
560  
-  ``'API'``, ``'TOKEN'``, ``'KEY'`` were added, ``'PASSWORD'`` was changed to 
  575
+  ``'API'``, ``'TOKEN'``, ``'KEY'`` were added, ``'PASSWORD'`` was changed to
561 576
   ``'PASS'``.
562 577
 
563 578
 .. _django/views/debug.py: http://code.djangoproject.com/browser/django/trunk/django/views/debug.py

0 notes on commit 61fe50f

Please sign in to comment.
Something went wrong with that request. Please try again.