
PBKDF2 with SHA256 hashing is the default password storage mechanism in Django. Recommending PBKDF2 is one of the things that tptacek criticized “Practical Cryptography With Go” for[0].

Edit: Django has support for bcrypt but it's not the default because of third-party dependencies[1].

[0] https://news.ycombinator.com/item?id=7596280

[1] https://docs.djangoproject.com/en/1.7/topics/auth/passwords/



tptacek faulted 'Practical Cryptography With Go' for recommending PBKDF2 over bcrypt and scrypt; however, this is not what Django is doing.

Django chose PBKDF2 of the three primarily because it was easily implemented without pulling in third-party dependencies, which is very helpful for Django's deployment. Given the choice of the three, I think almost all Django core developers would say that scrypt or bcrypt would be better, but of the three options, PBKDF2 was deemed to be the most acceptable for driving adoption. Before PBKDF2 was added it was using a fast hashing algorithm and had no way to select one, so all three were considered improvements and PBKDF2 was considered the 'safest' for adoption, not the optimal one. Note that it is now fairly easy to add bcrypt or scrypt into your Django deploy if you choose to.

I'd also add that the parent article talks about PBKDF2, but I am not sure it is using it correctly. It makes no mention of how many rounds it is configured for, and I'm not sure what they mean by 'dumb iterations'. It should be possible to make it as slow as scrypt or bcrypt on a single-machine benchmark. The advantage of something like scrypt is that it pulls in complexity on memory as well as CPU.

Edit: For anyone interested in the decision making here, this was the summary ticket on Django password hashing and my summary at the time:

https://code.djangoproject.com/ticket/15367

https://groups.google.com/d/msg/django-developers/ko7V2wDVsd...
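The point made above, that PBKDF2's cost is set by its iteration count and that the count must be stored with the hash so it can be raised later, is illustrated by the following added example. It is not code from Django or from anyone in this thread; it reimplements Django's `pbkdf2_sha256$iterations$salt$base64digest` string layout with the standard library only, and the iteration count of 100000 and the calibration target are assumed deployment choices, not Django defaults. The scrypt helper at the end shows the memory-cost parameter that PBKDF2 has no equivalent of.

```python
import base64
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Django-style layout: algorithm$iterations$salt$base64(digest).
ALGORITHM = "pbkdf2_sha256"
# Assumed per-deployment setting; Django's own default differs by version.
DEFAULT_ITERATIONS = 100_000


def encode(password: str, iterations: int = DEFAULT_ITERATIONS,
           salt: Optional[str] = None) -> str:
    """Hash a password with PBKDF2-HMAC-SHA256 and embed the work factor."""
    salt = salt or secrets.token_urlsafe(12)
    if "$" in salt:
        raise ValueError("salt must not contain the field separator")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt.encode("ascii"), iterations)
    return "$".join([ALGORITHM, str(iterations), salt,
                     base64.b64encode(digest).decode("ascii")])


def verify(password: str, encoded: str) -> bool:
    """Recompute with the iteration count stored in the hash, compare in constant time."""
    algorithm, iterations, salt, _digest = encoded.split("$", 3)
    if algorithm != ALGORITHM:
        return False
    candidate = encode(password, int(iterations), salt)
    # A tampered iteration count changes the digest, so the comparison fails.
    return hmac.compare_digest(candidate.encode("ascii"), encoded.encode("ascii"))


def must_update(encoded: str, target_iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True when a stored hash was made with fewer rounds than we now require;
    the caller re-encodes it on the next successful login."""
    _algorithm, iterations, _salt, _digest = encoded.split("$", 3)
    return int(iterations) < target_iterations


def calibrate_iterations(target_seconds: float, start: int = 1_000) -> int:
    """Double the round count until one hash takes at least target_seconds
    on this machine. This is how PBKDF2 is made 'as slow as' bcrypt/scrypt
    in CPU terms; it does nothing for memory cost."""
    iterations = start
    while True:
        t0 = time.perf_counter()
        hashlib.pbkdf2_hmac("sha256", b"benchmark", b"fixed-salt", iterations)
        if time.perf_counter() - t0 >= target_seconds:
            return iterations
        iterations *= 2


def scrypt_digest(password: str, salt: bytes, n: int = 2 ** 14, r: int = 8,
                  p: int = 1) -> bytes:
    """scrypt for contrast: cost is CPU *and* roughly 128*r*n bytes of RAM
    (16 MiB here), which a GPU/ASIC attacker cannot parallelise as cheaply."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                          dklen=32)


if __name__ == "__main__":
    stored = encode("correct horse battery staple", 50_000)
    print(stored)
    print("verify ok:", verify("correct horse battery staple", stored))
    print("needs upgrade to 100k rounds:", must_update(stored))
    print("rounds for ~50 ms here:", calibrate_iterations(0.05))
```

In a Django project the equivalent switch is made in settings, by listing `django.contrib.auth.hashers.BCryptSHA256PasswordHasher` (with the `bcrypt` package installed) or the PBKDF2 hasher first in `PASSWORD_HASHERS`; the stored string's algorithm prefix is what lets old hashes keep verifying while new logins are re-hashed with the preferred hasher.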


No, that's not accurate. I noted that the book didn't do a very good job of explaining the three functions or make a clear recommendation based on facts. That's different from dinging someone simply for using PBKDF2, which I wouldn't do.


I think we're saying basically the same thing. You're not criticizing the use of PBKDF2 as a bad choice as the parent comment implies.


I should've written “blindly recommending” instead of “recommending”.

(That's the passage I was referring to:

> If you're explaining crypto to a reader, and you're at the point where you're discussing KDFs, you'd think there'd be cause to explain that PBKDF2 is actually the weakest of those 3 KDFs, and why.

Also, I'm not arguing the sanity of Django developers' choice of PBKDF2 as the default password encryption mechanism. IMO marginally better security wouldn't be worth the increased complexity of starting a new project for newcomers.)



