These are chat archives for django/django

6th
Apr 2017
Roel
@roelzkie15
Apr 06 2017 00:44
can anyone help me with this SO question
Anish Shrestha
@annshress
Apr 06 2017 02:02
Yuss
Roel
@roelzkie15
Apr 06 2017 03:10
@annshress hey thanks
Anish Shrestha
@annshress
Apr 06 2017 04:25
@badcoder28 welcome
I keep forgetting these utilities already in the django. latest, earliest ... :+1:
prashant-sirohi
@prashant-sirohi
Apr 06 2017 08:49
does anyone know of custom on screen keyboards which support keywise mapping
tillkolter
@tillkolter
Apr 06 2017 14:47
does anyone have experience with upgrading password hashers?
I have a legacy database with MD5 and want to migrate to Argon2
The documentation recommends the following pattern:
from django.contrib.auth.hashers import (
    PBKDF2PasswordHasher, SHA1PasswordHasher,
)


class PBKDF2WrappedSHA1PasswordHasher(PBKDF2PasswordHasher):
    algorithm = 'pbkdf2_wrapped_sha1'

    def encode_sha1_hash(self, sha1_hash, salt, iterations=None):
        return super(PBKDF2WrappedSHA1PasswordHasher, self).encode(sha1_hash, salt, iterations)

    def encode(self, password, salt, iterations=None):
        _, _, sha1_hash = SHA1PasswordHasher().encode(password, salt).split('$', 2)
        return self.encode_sha1_hash(sha1_hash, salt, iterations)
Now the verification fails, when calling user.check_password('<raw_password>)
Do I also have to override the hasher.verify method?
tillkolter
@tillkolter
Apr 06 2017 14:52
My suggested solution:
from django.contrib.auth.hashers import (
    Argon2PasswordHasher, UnsaltedMD5PasswordHasher,
)


class Argon2WrappedMD5PasswordHasher(Argon2PasswordHasher):
    algorithm = 'argon2_wrapped_md5'

    def encode_md5_hash(self, md5_hash, salt):
        return super(Argon2WrappedMD5PasswordHasher, self).encode(md5_hash, salt)

    def encode(self, password, salt):
        _, _, md5_hash = UnsaltedMD5PasswordHasher().encode(password, '').split('$', 2)
        return self.encode_md5_hash(md5_hash, salt)

    def verify(self, password, encoded):
        return super(Argon2WrappedMD5PasswordHasher, self).verify(UnsaltedMD5PasswordHasher().encode(password, ''), encoded)