Hacker News new | past | comments | ask | show | jobs | submit login

Not OP, but here's the official Django doc on the topic, including a section further down about upgrading the hash without needing a login:

https://docs.djangoproject.com/en/1.9/topics/auth/passwords/...

Here's a blog post which covers the same topic in an easy-to-understand form, including why computationally-expensive password hashing is important:

http://tech.marksblogg.com/passwords-in-django.html




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: