Password management in Django
Password management is something that should generally not be reinvented unnecessarily, and Django endeavors to provide a secure and flexible set of tools for managing user passwords. This document describes how Django stores passwords, how the storage hashing can be configured, and some utilities to work with hashed passwords.
How Django stores passwords
Django provides a flexible password storage system and uses PBKDF2 (for more information visit http://en.wikipedia.org/wiki/PBKDF2) by default. The password attribute of a User object is a string in this format:
These are the components used for storing a User's password. They are separated by the dollar-sign character and consist of: ...
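The following is an added example, not code from Django or from this document. It builds and checks a value in the four-field layout that Django's default PBKDF2 hasher writes (algorithm$iterations$salt$hash), using only the Python standard library. The function names, the sample password and the iteration count are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"  # label Django's default PBKDF2 hasher writes first


def encode(password: str, salt: str, iterations: int) -> str:
    """Build the stored string: algorithm$iterations$salt$hash."""
    if "$" in salt:
        raise ValueError("salt must not contain the '$' separator")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    digest = base64.b64encode(dk).decode("ascii")
    return f"{ALGORITHM}${iterations}${salt}${digest}"


def decode(encoded: str) -> dict:
    """Split a stored value into its components, rejecting malformed input."""
    parts = encoded.split("$", 3)
    if len(parts) != 4:
        raise ValueError("expected 4 '$'-separated fields")
    algorithm, iterations, salt, digest = parts
    if algorithm != ALGORITHM:
        raise ValueError(f"unsupported algorithm: {algorithm!r}")
    if not (iterations.isascii() and iterations.isdigit()) or int(iterations) < 1:
        raise ValueError("iterations must be a positive integer")
    return {"algorithm": algorithm, "iterations": int(iterations),
            "salt": salt, "hash": digest}


def verify(password: str, encoded: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        fields = decode(encoded)
    except ValueError:
        return False  # malformed or unknown-algorithm values never match
    candidate = encode(password, fields["salt"], fields["iterations"])
    return hmac.compare_digest(candidate.encode(), encoded.encode())


# Constructed sample: random salt; the low iteration count only keeps the demo fast.
SAMPLE = encode("correct horse", secrets.token_hex(8), 1000)
```

Because the salt and iteration count travel with the hash, a stored value can be verified without any other state, and the iteration count can be raised for new passwords while older values still verify.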