Detailed Explanation of the Implementation of Django's Password System

  • 2021-07-24 11:06:28
  • OfStack

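1. Django password storage and hashing

Each stored password is a single string made of four fields separated by "$": the algorithm, the iteration count, the salt, and the resulting hash.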

<algorithm>$<iterations>$<salt>$<hash>

Default password hasher configuration


# Default configuration in settings
PASSWORD_HASHERS = [
  'django.contrib.auth.hashers.PBKDF2PasswordHasher',
  'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
  'django.contrib.auth.hashers.Argon2PasswordHasher',
  'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
  'django.contrib.auth.hashers.BCryptPasswordHasher',
]

# PASSWORD_HASHERS[0] is the hasher used to store passwords; the other entries can be used when verifying passwords


All supported hashers


[
  'django.contrib.auth.hashers.PBKDF2PasswordHasher',
  'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
  'django.contrib.auth.hashers.Argon2PasswordHasher',
  'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
  'django.contrib.auth.hashers.BCryptPasswordHasher',
  'django.contrib.auth.hashers.SHA1PasswordHasher',
  'django.contrib.auth.hashers.MD5PasswordHasher',
  'django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher',
  'django.contrib.auth.hashers.UnsaltedMD5PasswordHasher',
  'django.contrib.auth.hashers.CryptPasswordHasher',
]


2. Verify your password manually


from django.contrib.auth.hashers import check_password, is_password_usable, make_password

# Compare a plain-text password with the encoded password stored in the database
check_password(password, encoded)

# Manually generate an encoded password; if password=None, the generated value can never be accepted by check_password()
make_password(password, salt=None, hasher='default')

# Check whether the encoded password can be used by check_password()
is_password_usable(encoded_password)
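
What check_password() has to do for a PBKDF2-SHA256 entry stored in the <algorithm>$<iterations>$<salt>$<hash> format from section 1, as an added example written with the Python standard library only (it is not Django's own code and not from the original article). The function names, MIN_ITERATIONS and the sample values are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac

MIN_ITERATIONS = 260_000  # assumed policy floor for this example, not from the article


def encode_pbkdf2_sha256(password, salt, iterations):
    """Build '<algorithm>$<iterations>$<salt>$<hash>' for PBKDF2-HMAC-SHA256."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    digest = base64.b64encode(dk).decode("ascii")
    return f"pbkdf2_sha256${iterations}${salt}${digest}"


def parse_encoded(encoded):
    """Split a stored value into its four fields, rejecting anything malformed."""
    parts = encoded.split("$", 3)
    if len(parts) != 4:
        raise ValueError("expected 4 '$'-separated fields")
    algorithm, iterations, salt, digest = parts
    if not (iterations.isascii() and iterations.isdigit()) or int(iterations) < 1:
        raise ValueError("iteration count must be a positive integer")
    return algorithm, int(iterations), salt, digest


def verify(password, encoded):
    """Return (password_ok, needs_upgrade) for a stored PBKDF2-SHA256 value."""
    try:
        algorithm, iterations, salt, _ = parse_encoded(encoded)
    except ValueError:
        return False, False  # malformed or unusable value: never matches
    if algorithm != "pbkdf2_sha256":
        return False, False  # other hashers are out of scope in this example
    candidate = encode_pbkdf2_sha256(password, salt, iterations)
    # Constant-time comparison so timing does not reveal how much matched.
    ok = hmac.compare_digest(candidate.encode(), encoded.encode())
    # A correct password stored with a low work factor should be re-hashed.
    return ok, ok and iterations < MIN_ITERATIONS


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    stored = encode_pbkdf2_sha256("correct horse", "c2FsdHNhbHQ", 1000)
    print(stored)
    print(verify("correct horse", stored))  # correct password, low iteration count
    print(verify("wrong guess", stored))    # wrong password
    print(verify("anything", "!unusable"))  # value that is not in the 4-field format
```

The second element of the result marks entries whose iteration count is below the chosen floor, which is the case the "Upgrade the existing hash algorithm" topic in section 4 deals with.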

3. Password format verification


AUTH_PASSWORD_VALIDATORS = [

  # Check the similarity with user information
  {
    'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
  },

  # Enforce a minimum password length
  {
    'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
    'OPTIONS': {
      'min_length': 9,
    }
  },

  # Check whether the password is too simple (easy to guess)
  {
    'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
  },

  # Check whether the password is purely numeric
  {
    'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
  },
]

4. Customize

  • Custom hash algorithm
  • Upgrade the existing hash algorithm
  • Custom password format verification
