Password management in Django

Password management is something that should generally not be reinvented unnecessarily, and Django endeavors to provide a secure and flexible set of tools for managing user passwords. This document describes how Django stores passwords, how the storage hashing can be configured, and some utilities to work with hashed passwords.

How Django stores passwords

Django provides a flexible password storage system and uses PBKDF2 (see http://en.wikipedia.org/wiki/PBKDF2) by default. The password attribute of a User object is a string in this format:

<algorithm>$<iterations>$<salt>$<hash> 

These components, separated by the dollar-sign character, are used for storing a User's password and consist of: ...
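The storage format above can be reproduced with the Python standard library alone. The following is an added example, not code from the book or from Django itself; it assumes the algorithm label `pbkdf2_sha256` and a base64-encoded hash field, neither of which this excerpt spells out, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac

# Algorithm label -> hashlib digest name; only PBKDF2-SHA256 is handled here.
DIGESTS = {"pbkdf2_sha256": "sha256"}


def encode_password(password, salt, iterations, algorithm="pbkdf2_sha256"):
    """Build an <algorithm>$<iterations>$<salt>$<hash> string."""
    if "$" in salt:
        raise ValueError("salt must not contain the '$' separator")
    raw = hashlib.pbkdf2_hmac(
        DIGESTS[algorithm], password.encode(), salt.encode(), iterations
    )
    return "$".join(
        [algorithm, str(iterations), salt, base64.b64encode(raw).decode("ascii")]
    )


def parse_encoded(encoded):
    """Split a stored value into its four fields, rejecting malformed input."""
    parts = encoded.split("$")
    if len(parts) != 4:
        raise ValueError("expected four '$'-separated fields")
    algorithm, iterations, salt, digest = parts
    if algorithm not in DIGESTS:
        raise ValueError("unsupported algorithm: %r" % algorithm)
    if not (iterations.isascii() and iterations.isdigit()) or int(iterations) < 1:
        raise ValueError("iterations must be a positive integer")
    return {"algorithm": algorithm, "iterations": int(iterations),
            "salt": salt, "hash": digest}


def check_password(password, encoded):
    """Recompute the hash with the stored parameters; compare in constant time."""
    try:
        f = parse_encoded(encoded)
    except ValueError:
        return False
    candidate = encode_password(password, f["salt"], f["iterations"], f["algorithm"])
    return hmac.compare_digest(candidate.encode(), encoded.encode())


if __name__ == "__main__":
    # Constructed sample: the salt and the low iteration count are illustrative.
    stored = encode_password("correct horse", "constructedsalt", 1000)
    print(stored)
    print(check_password("correct horse", stored), check_password("wrong", stored))
```

Because the iteration count and salt travel with each hash, a stored value can be verified without knowing the settings in force when it was created, which is what allows the work factor to be raised later without invalidating existing passwords.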
