Password management in Django
Password management is something that should generally not be reinvented unnecessarily, and Django endeavors to provide a secure and flexible set of tools for managing user passwords. This document describes how Django stores passwords, how the storage hashing can be configured, and some utilities to work with hashed passwords.
How Django stores passwords
Django provides a flexible password storage system and uses PBKDF2 (for more information visit http://en.wikipedia.org/wiki/PBKDF2) by default. The password
attribute of a User
object is a string in this format:
<algorithm>$<iterations>$<salt>$<hash>
Those are the components used for storing a User's password, separated by the dollar-sign character and consist of: ...
Get Mastering Django: Core now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.