summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2013-10-18 09:09:56 -0400
committerFlorian Apolloner <florian@apolloner.eu>2013-10-21 20:32:02 +0200
commit28b70425afb2fb8bcbec09d249e37fa786f8a155 (patch)
tree4991dcd2fe3bbd4276ca3a781e95b7c9b58c8c3e
parent7d0d0dbf26a3c0d16e9c2b930fd6d7b89f215946 (diff)
Added docs for the hasher's iteration count changes.
-rw-r--r--docs/releases/1.6.txt3
-rw-r--r--docs/topics/auth/passwords.txt8
2 files changed, 10 insertions, 1 deletions
diff --git a/docs/releases/1.6.txt b/docs/releases/1.6.txt
index 1c184ea170..651938ea7c 100644
--- a/docs/releases/1.6.txt
+++ b/docs/releases/1.6.txt
@@ -369,7 +369,8 @@ Minor features
increased by 20%. This backwards compatible change will not affect
existing passwords or users who have subclassed
``django.contrib.auth.hashers.PBKDF2PasswordHasher`` to change the
- default value.
+ default value. Passwords :ref:`will be upgraded <password-upgrades>` to use
+ the new iteration count as necessary.
Backwards incompatible changes in 1.6
=====================================
diff --git a/docs/topics/auth/passwords.txt b/docs/topics/auth/passwords.txt
index 7e4b59a99c..12b11822e1 100644
--- a/docs/topics/auth/passwords.txt
+++ b/docs/topics/auth/passwords.txt
@@ -124,6 +124,8 @@ algorithm.
output)``. For example:
``bcrypt$$2a$12$NT0I31Sa7ihGEWpka9ASYrEFkhuTNeBQ2xfZskIiiJeyFXhRgS.Sy``.
+.. _increasing-password-algorithm-work-factor:
+
Increasing the work factor
--------------------------
@@ -167,6 +169,8 @@ default PBKDF2 algorithm:
That's it -- now your Django install will use more iterations when it
stores passwords using PBKDF2.
+.. _password-upgrades:
+
Password upgrading
------------------
@@ -181,6 +185,10 @@ However, Django can only upgrade passwords that use algorithms mentioned in
sure never to *remove* entries from this list. If you do, users using un-
mentioned algorithms won't be able to upgrade.
+.. versionadded:: 1.6
+
+ Passwords will be upgraded when changing the PBKDF2 iteration count.
+
.. _sha1: http://en.wikipedia.org/wiki/SHA1
.. _pbkdf2: http://en.wikipedia.org/wiki/PBKDF2
.. _nist: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf