我似乎已经解决了这个问题,我发现一个模块在我们的django 1.3机器的md5crypt中进行加密,然后进入我的django /usr/local/lib/python2.7/dist-packages/django/contrib/auth /hashers.py文件,并定义了新的散列器类:
#imported md5crypt.py module that I moved to /usr/local/lib/python2.7/dist-packages/django/contrib/auth/
from django.contrib.auth import md5crypt
class MD5CryptPasswordHasher(BasePasswordHasher):
"""
The Salted MD5crypt password hashing algorithm
"""
algorithm = "md5crypt"
def encode(self, password, salt):
assert password is not None
assert salt and '$' not in salt
cryptedpassword = md5crypt.md5crypt(force_bytes(password), force_bytes(salt))
cryptedpassword = cryptedpassword.split('$',2)[2]
#change from $1$ to md5crypt$
return "%s$%s" % (self.algorithm, cryptedpassword)
def verify(self, password, encoded):
algorithm, salt, hash = encoded.split('$', 2)
assert algorithm == self.algorithm
encoded_2 = self.encode(password, salt)
return constant_time_compare(encoded, encoded_2)
def safe_summary(self, encoded):
algorithm, salt, hash = encoded.split('$', 2)
assert algorithm == self.algorithm
return OrderedDict([
(_('algorithm'), algorithm),
(_('salt'), mask_hash(salt, show=2)),
(_('hash'), mask_hash(hash)),
])
我的密码hashers的settings.py:
PASSWORD_HASHERS=(
'django.contrib.auth.hashers.MD5CryptPasswordHasher',
'django.contrib.auth.hashers.PBKDF2PasswordHasher',
'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
'django.contrib.auth.hashers.BCryptPasswordHasher',
'django.contrib.auth.hashers.SHA1PasswordHasher',
'django.contrib.auth.hashers.MD5PasswordHasher',
'django.contrib.auth.hashers.UnsaltedMD5PasswordHasher',
'django.contrib.auth.hashers.CryptPasswordHasher',
)
,因为我不知道我能不能跟大家分享模块md5crypt.py有安全原因的许可。
1.3项目如何使用md5crypt? 1.3项目中的“PASSWORD_HASHERS”设置是什么? – Alasdair