Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

[1.6.x] Added docs for the hasher's iteration count changes.

Backport of 28b7042 from master.
  • Loading branch information...
commit 86373dc63e8e7e06c18878d97c024b40382dc875 1 parent 823951e
@timgraham timgraham authored apollo13 committed
Showing with 10 additions and 1 deletion.
  1. +2 −1  docs/releases/1.6.txt
  2. +8 −0 docs/topics/auth/passwords.txt
View
3  docs/releases/1.6.txt
@@ -369,7 +369,8 @@ Minor features
increased by 20%. This backwards compatible change will not affect
existing passwords or users who have subclassed
``django.contrib.auth.hashers.PBKDF2PasswordHasher`` to change the
- default value.
+ default value. Passwords :ref:`will be upgraded <password-upgrades>` to use
+ the new iteration count as necessary.
Backwards incompatible changes in 1.6
=====================================
View
8 docs/topics/auth/passwords.txt
@@ -124,6 +124,8 @@ algorithm.
output)``. For example:
``bcrypt$$2a$12$NT0I31Sa7ihGEWpka9ASYrEFkhuTNeBQ2xfZskIiiJeyFXhRgS.Sy``.
+.. _increasing-password-algorithm-work-factor:
+
Increasing the work factor
--------------------------
@@ -167,6 +169,8 @@ default PBKDF2 algorithm:
That's it -- now your Django install will use more iterations when it
stores passwords using PBKDF2.
+.. _password-upgrades:
+
Password upgrading
------------------
@@ -181,6 +185,10 @@ However, Django can only upgrade passwords that use algorithms mentioned in
sure never to *remove* entries from this list. If you do, users using un-
mentioned algorithms won't be able to upgrade.
+.. versionadded:: 1.6
+
+ Passwords will be upgraded when changing the PBKDF2 iteration count.
+
.. _sha1: http://en.wikipedia.org/wiki/SHA1
.. _pbkdf2: http://en.wikipedia.org/wiki/PBKDF2
.. _nist: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf
Please sign in to comment.
Something went wrong with that request. Please try again.