Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Recommend using the bcrypt library instead of py-bcrypt

* py-bcrypt has not been updated in some time
* py-bcrypt does not support Python3
* py3k-bcrypt, a port of py-bcrypt to python3 is not compatible
  with Django
* bcrypt is supported on all versions of Python that Django
  supports
  • Loading branch information...
commit 8f0a4665d67868dce2e204dd592b0f133edf7943 1 parent 1708c8a
Donald Stufft authored May 13, 2013
6  django/contrib/auth/hashers.py
@@ -263,13 +263,13 @@ class BCryptSHA256PasswordHasher(BasePasswordHasher):
263 263
     Secure password hashing using the bcrypt algorithm (recommended)
264 264
 
265 265
     This is considered by many to be the most secure algorithm but you
266  
-    must first install the py-bcrypt library.  Please be warned that
  266
+    must first install the bcrypt library.  Please be warned that
267 267
     this library depends on native C code and might cause portability
268 268
     issues.
269 269
     """
270 270
     algorithm = "bcrypt_sha256"
271 271
     digest = hashlib.sha256
272  
-    library = ("py-bcrypt", "bcrypt")
  272
+    library = ("bcrypt", "bcrypt")
273 273
     rounds = 12
274 274
 
275 275
     def salt(self):
@@ -329,7 +329,7 @@ class BCryptPasswordHasher(BCryptSHA256PasswordHasher):
329 329
     Secure password hashing using the bcrypt algorithm
330 330
 
331 331
     This is considered by many to be the most secure algorithm but you
332  
-    must first install the py-bcrypt library.  Please be warned that
  332
+    must first install the bcrypt library.  Please be warned that
333 333
     this library depends on native C code and might cause portability
334 334
     issues.
335 335
 
4  django/contrib/auth/tests/test_hashers.py
@@ -92,7 +92,7 @@ def test_crypt(self):
92 92
         self.assertFalse(check_password('lètmeiz', encoded))
93 93
         self.assertEqual(identify_hasher(encoded).algorithm, "crypt")
94 94
 
95  
-    @skipUnless(bcrypt, "py-bcrypt not installed")
  95
+    @skipUnless(bcrypt, "bcrypt not installed")
96 96
     def test_bcrypt_sha256(self):
97 97
         encoded = make_password('lètmein', hasher='bcrypt_sha256')
98 98
         self.assertTrue(is_password_usable(encoded))
@@ -108,7 +108,7 @@ def test_bcrypt_sha256(self):
108 108
         self.assertTrue(check_password(password, encoded))
109 109
         self.assertFalse(check_password(password[:72], encoded))
110 110
 
111  
-    @skipUnless(bcrypt, "py-bcrypt not installed")
  111
+    @skipUnless(bcrypt, "bcrypt not installed")
112 112
     def test_bcrypt(self):
113 113
         encoded = make_password('lètmein', hasher='bcrypt')
114 114
         self.assertTrue(is_password_usable(encoded))
6  docs/topics/auth/passwords.txt
@@ -76,8 +76,8 @@ use it Django supports bcrypt with minimal effort.
76 76
 
77 77
 To use Bcrypt as your default storage algorithm, do the following:
78 78
 
79  
-1. Install the `py-bcrypt`_ library (probably by running ``sudo pip install
80  
-   py-bcrypt``, or downloading the library and installing it with ``python
  79
+1. Install the `bcrypt library`_ (probably by running ``sudo pip install
  80
+   bcrypt``, or downloading the library and installing it with ``python
81 81
    setup.py install``).
82 82
 
83 83
 2. Modify :setting:`PASSWORD_HASHERS` to list ``BCryptSHA256PasswordHasher``
@@ -185,7 +185,7 @@ mentioned algorithms won't be able to upgrade.
185 185
 .. _pbkdf2: http://en.wikipedia.org/wiki/PBKDF2
186 186
 .. _nist: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf
187 187
 .. _bcrypt: http://en.wikipedia.org/wiki/Bcrypt
188  
-.. _py-bcrypt: http://pypi.python.org/pypi/py-bcrypt/
  188
+.. _`bcrypt library`: https://pypi.python.org/pypi/bcrypt/
189 189
 
190 190
 
191 191
 Manually managing a user's password

0 notes on commit 8f0a466

Please sign in to comment.
Something went wrong with that request. Please try again.