django内置用户认证
django内置用户模型-password字段使用的校验算法
from django.contrib.auth.models import User
# Starting point of the trace on this page: follow create_user() down to the
# hasher that encodes the password.
User.objects.create_user()
class UserManager(BaseUserManager):
    # Excerpt of the manager reached through User.objects; the dotted lines
    # mark code that was left out of this listing.

    def create_user(self, username, email=None, password=None, **extra_fields):
        # Public entry point. The password is still plaintext here and is passed
        # through unchanged to _create_user().
        # NOTE(review): password defaults to None; how None is handled is decided
        # further down in make_password(), whose body is elided on this page. In
        # Django this is expected to produce an unusable password. Confirm this.
        ....
        return self._create_user(username, email, password, **extra_fields)

    def _create_user(self, username, email, password, **extra_fields):
        # Construction of `user` is elided in this excerpt.
        ...
        # set_password() runs before save(), so the hashing step happens before
        # the object is written to the database selected by self._db.
        user.set_password(password)
        user.save(using=self._db)
        return user
def set_password(self, raw_password):
    # Called above as user.set_password(password); shown here without its class.
    # `password` receives only the encoded value returned by make_password().
    self.password = make_password(raw_password)
    # The plaintext is also kept on the separate attribute `_password`.
    # NOTE(review): this excerpt does not show where `_password` is read or
    # cleared. Confirm it is never persisted or logged.
    self._password = raw_password
def make_password(password, salt=None, hasher='default'):
    # Encode a plaintext password with the selected hasher and return the result.
    # NOTE(review): the elided lines presumably handle password=None and generate
    # a salt when salt is None. Confirm against the installed Django version.
    ...
    # Resolve the hasher name (here 'default') to a hasher object.
    hasher = get_hasher(hasher)
    return hasher.encode(password, salt)
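def get_hasher(algorithm='default'):
    # Resolve an algorithm name to a hasher object; the branches before the
    # 'default' case are elided in this excerpt.
    ...
    elif algorithm == 'default':
        # Use the first hasher by default. get_hashers() iterates
        # settings.PASSWORD_HASHERS, so the first entry of that setting
        # presumably decides how newly set passwords are hashed.
        return get_hashers()[0]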
def get_hashers():
    # Build the list of available hashers from settings.PASSWORD_HASHERS
    # (most of the body is elided in this excerpt).
    ...
    for hasher_path in settings.PASSWORD_HASHERS:
        # NOTE(review): each entry is a dotted class path; the elided body
        # presumably imports and instantiates it. Confirm this.
        ...
# 项目的 settings.py 未设置 PASSWORD_HASHERS 时,使用 django 全局配置中的默认值:
python3.6/site-packages/django/conf/global_settings.py
# Default hasher list from global_settings.py. get_hasher('default') returns
# the first hasher, so PBKDF2PasswordHasher is the one used by make_password()
# unless a project overrides this setting.
# NOTE(review): the remaining entries are presumably kept so that hashes stored
# with other algorithms can still be verified. Confirm for your Django version.
PASSWORD_HASHERS = [
    'django.contrib.auth.hashers.PBKDF2PasswordHasher',
    'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
    'django.contrib.auth.hashers.Argon2PasswordHasher',
    'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
    'django.contrib.auth.hashers.BCryptPasswordHasher',
]
from django.contrib.auth.hashers import PBKDF2PasswordHasher
class PBKDF2PasswordHasher(BasePasswordHasher):
    """
    Secure password hashing using the PBKDF2 algorithm (recommended)
    Configured to use PBKDF2 + HMAC + SHA256.
    The result is a 64 byte binary string. Iterations may be changed
    safely but you must rename the algorithm if you change SHA256.
    """
    # Name of this hasher's algorithm.
    algorithm = "pbkdf2_sha256"
    # PBKDF2 work factor: more iterations make every password guess more
    # expensive. NOTE(review): 36000 is the value in the Django copy this excerpt
    # was taken from; newer Django releases ship a higher default, so check the
    # installed version instead of relying on this number.
    iterations = 36000
    # Underlying hash function used by PBKDF2 (see the docstring).
    digest = hashlib.sha256
    ...
sha2介绍
Django 内置的User类提供了用户密码的存储、验证、修改等功能,
默认使用pbkdf2_sha256方式来存储和管理用户的密码,即以SHA256为底层散列、带盐并经PBKDF2多次迭代(上文为36000次)得到的结果,而不是对密码做一次SHA256。
参考
SSL行业选择SHA作为数字签名的散列算法
SHA256(属于SHA-2系列)成为了新的标准,现在签发的SSL证书,必须使用该算法签名。
以一个60M的文件为测试样本,取1000次测试的平均值,三种算法的表现如下(这里比较的是单次散列的速度;用于密码存储时,上文的PBKDF2会把SHA256迭代36000次,有意让每次计算变慢,以提高暴力破解的成本):
MD5算法运行1000次的平均时间为:226ms
SHA1算法运行1000次的平均时间为:308ms
SHA256算法运行1000次的平均时间为:473ms