django-bcrypt makes it easy to use bcrypt to hash passwords with Django.
- Mercurial: http://bitbucket.org/dwaiter/django-bcrypt/
- Git: http://github.com/dwaiter/django-bcrypt/
- Documentation: http://django-bcrypt.rtfd.org/
- Issues: http://bitbucket.org/dwaiter/django-bcrypt/issues?status=new&status=open
Install the package with pip and Mercurial or git:
pip install -e hg+http://bitbucket.org/dwaiter/django-bcrypt#egg=django-bcrypt
# or ...
pip install -e git://github.com/dwaiter/django-bcrypt.git#egg=django-bcrypt
Add django_bcrypt to your INSTALLED_APPS.
That's it.
Any new passwords set will be hashed with bcrypt. Old passwords will still work fine.
You can configure how django-bcrypt behaves with a few settings in your settings.py file.
Enables bcrypt hashing when User.set_password() is called.
Default: True
Enables bcrypt hashing when running inside Django TestCases.
Default: False (to speed up user creation)
Number of rounds to use for bcrypt hashing. Increase this as computers get faster.
You can change the number of rounds without breaking already-hashed passwords. New passwords will use the new number of rounds, and old ones will use the old number, unless BCRYPT_MIGRATE is enabled, in which case old ones will be rehashed during login to use the new number of rounds.
The number of rounds bcrypt actually uses is 2^N. So when this is 12, bcrypt uses 4096 rounds.
Default: 12
Enables bcrypt password migration on a check_password() call. Use this to migrate an existing deployment (that's using the default auth) over to bcrypt.
The hash is also migrated when BCRYPT_ROUNDS changes.
Default: False
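The rounds and migration settings above work because a bcrypt string carries its own cost factor. The sketch below is an added example, not django-bcrypt's own code: it reads that cost and counts which stored hashes a migration would still have to replace. The function names and sample values are hypothetical, and it assumes the standard bcrypt string format with any prefix added by the storage layer already stripped.

```python
import re

# Standard bcrypt string: $2<variant>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}")

# Constructed sample values (not real password hashes).
_BODY = "abcdefghijklmnopqrstuv" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234"
SAMPLE_10 = "$2a$10$" + _BODY
SAMPLE_12 = "$2a$12$" + _BODY
LEGACY = "sha1$salt0$" + "0" * 40  # constructed, shaped like a non-bcrypt hash


def bcrypt_cost(stored):
    """Return the cost N embedded in a bcrypt string, or None if it is not bcrypt."""
    m = BCRYPT_RE.fullmatch(stored)
    if m is None:
        return None
    cost = int(m.group(1))
    return cost if 4 <= cost <= 31 else None  # bcrypt defines costs 4..31


def iterations(cost):
    """bcrypt runs 2^N rounds for cost N."""
    return 1 << cost


def needs_rehash(stored, target_rounds):
    """True if the hash should be replaced once the password has been verified."""
    return bcrypt_cost(stored) != target_rounds


def audit(hashes, target_rounds):
    """Count stored hashes that are legacy, on a different cost, or current."""
    counts = {"legacy": 0, "stale_rounds": 0, "current": 0}
    for h in hashes:
        cost = bcrypt_cost(h)
        if cost is None:
            counts["legacy"] += 1
        elif cost != target_rounds:
            counts["stale_rounds"] += 1
        else:
            counts["current"] += 1
    return counts


if __name__ == "__main__":
    print(audit([LEGACY, SAMPLE_10, SAMPLE_12], target_rounds=12))
```

Accounts that never log in keep their old hash, so a count like this shows how much of a user table a login-time migration has not yet reached.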
This is pretty much a packaged-up version of this blog post for easier use.
It also depends on the py-bcrypt library.