Use crypt instead of sha1 as password hash algorithm

# Place an otherwise blank app in settings.INSTALLED_APPS
# and add the following into the app's models.py:

from django.db.models import signals
from django.dispatch import dispatcher
from django.contrib.auth import models as auth_app
import new, crypt, random, string
from django.utils.encoding import smart_str

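def set_password_crypt(self, raw_password):
    # Replacement for User.set_password that hashes with crypt(3).
    algo = 'crypt'
    saltchars = string.ascii_letters + string.digits + './'
    # A two-character salt selects the traditional DES-based crypt(3) scheme,
    # which uses only the first eight characters of the password.
    salt = ''.join(random.choice(saltchars) for i in range(2))
    hsh = crypt.crypt(smart_str(raw_password), salt)
    # Store the result in Django's algo$salt$hash layout.
    self.password = '%s$%s$%s' % (algo, salt, hsh)

def replace_set_password(instance=None):
    # Bind the crypt-based setter to this one User instance.
    instance.set_password = new.instancemethod(
        set_password_crypt, instance, instance.__class__)

# Run replace_set_password every time a User object is initialised.
dispatcher.connect(replace_set_password,
                   sender=auth_app.User,
                   signal=signals.post_init)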


Comments

buriy (on August 27, 2007):

How is the last line better than the following:

from django.contrib.auth.models import User
User.set_password = set_password_crypt


akaihola (on January 29, 2008):

buriy, that's monkey patching, and I've been told it's not considered good practice.
