We have access to the plain text password when the user logs in. On Tuesday, September 22, 2015 at 1:23:01 PM UTC-4, Xof wrote: > > > On Sep 22, 2015, at 10:18 AM, Tim Graham <timog...@gmail.com <javascript:>> > wrote: > > > As I understand it, the problem with increasing the number of iterations > on the slower hasher is that upgrading Django could effectively result in a > DDoS attack after you upgrade Django as users passwords are upgraded. > > Is that correct? My understanding was that the passwords were only > modified when changed. Given that it is a unidirectional hash, I'm not > sure how they *would* be rehashed. > > -- > -- Christophe Pettus > x...@thebuild.com <javascript:> > >
-- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/ede8e9f2-cd9f-4d4f-aad6-36f52893957d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
