Detailed Explanation of Implementation Process of Django Cryptosystem
- 2021-07-24 11:06:28
- OfStack
1. Django password storage and encryption
# Stored format: algorithm + iteration count + salt + hash
<algorithm>$<iterations>$<salt>$<hash>
Default encryption mode configuration
# Default configuration in settings
PASSWORD_HASHERS = [
    'django.contrib.auth.hashers.PBKDF2PasswordHasher',
    'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
    'django.contrib.auth.hashers.Argon2PasswordHasher',
    'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
    'django.contrib.auth.hashers.BCryptPasswordHasher',
]
# PASSWORD_HASHERS[0] is the hasher used to store passwords; the other entries can still be used when verifying passwords
All supported hashers
[
    'django.contrib.auth.hashers.PBKDF2PasswordHasher',
    'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
    'django.contrib.auth.hashers.Argon2PasswordHasher',
    'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
    'django.contrib.auth.hashers.BCryptPasswordHasher',
    'django.contrib.auth.hashers.SHA1PasswordHasher',
    'django.contrib.auth.hashers.MD5PasswordHasher',
    'django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher',
    'django.contrib.auth.hashers.UnsaltedMD5PasswordHasher',
    'django.contrib.auth.hashers.CryptPasswordHasher',
]
2. Verify your password manually
# Compare a plain-text password with the encoded password from the database
check_password(password, encoded)
# Manually generate a hashed password; if password=None, the generated value can never pass check_password()
make_password(password, salt=None, hasher='default')
# Check whether the encoded password can be used by check_password()
is_password_usable(encoded_password)
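The stored format from section 1 and the check from section 2, rebuilt with only the Python standard library as an added example (not Django's own code and not part of the original article). The names encode, verify, PREFERRED_ALGORITHM and TARGET_ITERATIONS and the iteration target are assumptions for this sketch; it also reports when a matching record was stored with a non-preferred hasher or a lower iteration count and should be re-hashed.

```python
import base64
import hashlib
import hmac
import secrets

# Assumed policy values for this sketch; not read from Django settings.
PREFERRED_ALGORITHM = "pbkdf2_sha256"
TARGET_ITERATIONS = 260000
DIGESTS = {"pbkdf2_sha256": "sha256", "pbkdf2_sha1": "sha1"}


def encode(password, salt=None, iterations=TARGET_ITERATIONS,
           algorithm=PREFERRED_ALGORITHM):
    """Build <algorithm>$<iterations>$<salt>$<hash> using PBKDF2."""
    salt = salt or secrets.token_hex(11)
    if "$" in salt:
        raise ValueError("salt must not contain '$'")
    derived = hashlib.pbkdf2_hmac(DIGESTS[algorithm], password.encode(),
                                  salt.encode(), iterations)
    digest = base64.b64encode(derived).decode("ascii")
    return f"{algorithm}${iterations}${salt}${digest}"


def verify(password, encoded):
    """Return (matches, needs_rehash) for a stored value."""
    try:
        algorithm, iterations, salt, _ = encoded.split("$", 3)
        iterations = int(iterations)
        if algorithm not in DIGESTS or iterations < 1:
            raise ValueError(algorithm)
    except ValueError:
        # Malformed value or unknown algorithm: unusable, never a match.
        return False, False
    # Recompute with the parameters recorded in the stored value itself.
    candidate = encode(password, salt, iterations, algorithm)
    matches = hmac.compare_digest(candidate.encode(), encoded.encode())
    stale = algorithm != PREFERRED_ALGORITHM or iterations < TARGET_ITERATIONS
    return matches, matches and stale


# Constructed sample: a record stored under an older, weaker policy.
legacy = encode("correct horse", salt="constructedsalt", iterations=1000,
                algorithm="pbkdf2_sha1")
```

A caller that gets needs_rehash back as True after a successful login would store encode(password) in place of the old value, which is how records migrate to the first hasher in the list over time.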
3. Password format verification
AUTH_PASSWORD_VALIDATORS = [
    # Check similarity with the user's attributes
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    # Check the minimum password length
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
        'OPTIONS': {
            'min_length': 9,
        }
    },
    # Check whether the password is too simple (easy to guess)
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    # Check whether the password is purely numeric
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
]
4. Customize
Official original