diff options
| author | Roy Zheng <roycraft3@gmail.com> | 2020-08-10 14:30:39 -0700 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-08-11 07:51:27 +0200 |
| commit | 804f2b70244d435c63f7f7c6312a829bc41b2ca4 (patch) | |
| tree | c34698ef7f0d81298da3a21dcda6e829aeac41b4 | |
| parent | ebd78a9f97d8ba850d279a844d89a1d805370738 (diff) | |
Added note about password updates on argon2 attributes change.
| -rw-r--r-- | docs/topics/auth/passwords.txt | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/docs/topics/auth/passwords.txt b/docs/topics/auth/passwords.txt index cc8ca55501..00381ecdeb 100644 --- a/docs/topics/auth/passwords.txt +++ b/docs/topics/auth/passwords.txt @@ -224,8 +224,8 @@ However, Django can only upgrade passwords that use algorithms mentioned in :setting:`PASSWORD_HASHERS`, so as you upgrade to new systems you should make sure never to *remove* entries from this list. If you do, users using unmentioned algorithms won't be able to upgrade. Hashed passwords will be -updated when increasing (or decreasing) the number of PBKDF2 iterations or -bcrypt rounds. +updated when increasing (or decreasing) the number of PBKDF2 iterations, bcrypt +rounds, or argon2 attributes. Be aware that if all the passwords in your database aren't encoded in the default hasher's algorithm, you may be vulnerable to a user enumeration timing |
