To quote the issue 5600:
So I think the only thing we can do here is increase the salt size.
I think anyone who feels they need more security will have to implement a
custom authentication backend; building this into Django is just too
fraught with danger.
Yet the patch for the salt-size-only increase, added not 24 hours
after that, still didn't make its way into any release as far as I'm
aware.
Given the current 20-bit length (5 hex chars), salt-collisions will happen.
On 02/11/2011 04:04 PM, Russell Keith-Magee wrote:
If an idea is important enough, we will include compatibility options
for older Python versions.
In a nutshell, if something requires python >= 2.5 or a lib for older
versions of Python, forget about adding it.
That's not true at all.
... but to say that we won't do
this at all is patently and demonstrably incorrect.
Sorry if it came along as too harsh --
I apologize if I sound a bit grumpy, but I've spent the last 5 days
monkey-patching a local branch of the auth lib...
Once again, I didn't mean to insult any dev (running a few projects
myself, so I know how much work it is) and I appreciate the work that is
done.
Yours,
Russell Keith-Magee
Cheers,
coh
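
The message above says that with a 20-bit salt (5 hex chars) collisions will happen. The following is an added example, not code from the thread or from Django, that quantifies this with the birthday bound. It assumes salts are drawn uniformly and independently; all function names are hypothetical.

```python
import math

SALT_HEX_CHARS = 5  # from the message: 5 hex chars = 20 bits


def salt_space(hex_chars=SALT_HEX_CHARS):
    """Number of distinct salts for a salt of hex_chars hex digits."""
    return 16 ** hex_chars


def collision_probability(n_users, hex_chars=SALT_HEX_CHARS):
    """P(at least two of n_users share a salt); assumes uniform, independent salts."""
    space = salt_space(hex_chars)
    if n_users > space:
        return 1.0  # pigeonhole: more users than salts
    # log P(no collision) = sum over i of log(1 - i/space); log1p keeps precision
    log_none = sum(math.log1p(-i / space) for i in range(n_users))
    return 1.0 - math.exp(log_none)


def users_for_probability(p, hex_chars=SALT_HEX_CHARS):
    """Smallest user count whose collision probability reaches p (0 < p < 1)."""
    if not 0.0 < p < 1.0:
        raise ValueError("p must be strictly between 0 and 1")
    space = salt_space(hex_chars)
    target = math.log1p(-p)  # log of the allowed no-collision probability
    log_none, n = 0.0, 0
    while log_none > target:
        log_none += math.log1p(-n / space)  # add the (n+1)-th user
        n += 1
    return n


def expected_colliding_pairs(n_users, hex_chars=SALT_HEX_CHARS):
    """Expected number of user pairs that share a salt."""
    return n_users * (n_users - 1) / 2 / salt_space(hex_chars)


if __name__ == "__main__":
    print("salt space:", salt_space())
    print("users for 50% chance of a shared salt:", users_for_probability(0.5))
    for n in (1_000, 10_000, 100_000):  # constructed user counts
        print(n, round(collision_probability(n), 4),
              round(expected_colliding_pairs(n), 1))
```

Two accounts that share a salt and a password produce the same stored hash, and one precomputed table per salt value covers every account using that salt, which is why the size of the salt space matters here.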