I'm using the django.contrib.auth.hashers.make_password method to store passwords. There is an iOS app that sends a username and password to my Django site to get authenticated. I want them to send an encrypted password, not the raw password. But I don't know how Django encrypts the password. How can someone on another platform generate the same encrypted password?
1 I think you should ask django. – dasdom Aug 18 '12 at 07:53
2 Answers
Django has a variety of methods it can use to encrypt passwords. By default it uses PBKDF2.
You can look at your PASSWORD_HASHERS list to see what is set:
PASSWORD_HASHERS = (
    'django.contrib.auth.hashers.PBKDF2PasswordHasher',
    'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
    'django.contrib.auth.hashers.BCryptPasswordHasher',
    'django.contrib.auth.hashers.SHA1PasswordHasher',
    'django.contrib.auth.hashers.MD5PasswordHasher',
    'django.contrib.auth.hashers.CryptPasswordHasher',
)
Here is a SO article on implementing that algorithm in iOS: PBKDF2 using CommonCrypto on iOS
The challenge will be that the password is salted. If you don't know the salt, you can't hash the password correctly. So you'll need to send the salt securely to the device, so your output hash matches.
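The salt and iteration count mentioned in the answer above are stored inside the string make_password returns, in the form algorithm$iterations$salt$hash. The following is an added example, not part of the original answer and not Django's own code, that rebuilds and checks that format for the default PBKDF2-SHA256 hasher using only the Python standard library; the function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac

ALGORITHM = "pbkdf2_sha256"  # prefix written by Django's PBKDF2PasswordHasher


def encode(password, salt, iterations):
    """Build a Django-style 'algorithm$iterations$salt$hash' string."""
    if "$" in salt:
        raise ValueError("salt must not contain '$' (it is the field separator)")
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    digest = base64.b64encode(raw).decode("ascii")
    return f"{ALGORITHM}${iterations}${salt}${digest}"


def parse_encoded(encoded):
    """Split a stored value into (algorithm, iterations, salt, raw hash bytes)."""
    algorithm, iterations, salt, digest = encoded.split("$", 3)
    if algorithm != ALGORITHM:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    return algorithm, int(iterations), salt, base64.b64decode(digest)


def verify(password, encoded):
    """Recompute the hash with the stored salt and iterations, compare in constant time."""
    _, iterations, salt, expected = parse_encoded(encoded)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt.encode(), iterations, dklen=len(expected)
    )
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample values. The real iteration count depends on the
    # Django version and should always be read from the stored string.
    stored = encode("correct horse", "c0nstructedSalt", 1000)
    print(stored)
    print(parse_encoded(stored)[:3])        # algorithm, iterations, salt
    print(verify("correct horse", stored))  # same password, same salt
    print(verify("wrong guess", stored))    # different password
```
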