Password hashing in Django
I'm trying to integrate vBulliten and Django's user databases. I know vB uses a md5 algorithm to hash it's passwords, with a salt. I have the salt data and the password for each vB user, and would like to know how to import those accounts onto Django.
I've tried the obvious, changing the Django user's password to;
md5$vb's_salt$vb's_password
This just throws back Django's log-in form, with a message saying "username and password does not match"
Any ideas?
Answer
You could either update passwords from db manually, or write some Python.
The password attribute of a User object is a string in this format:
hashtype$salt$hashThat's hashtype, salt and hash, separated by the dollar-sign character.
Hashtype is either sha1 (default), md5 or crypt -- the algorithm used to perform a one-way hash of the password. Salt is a random string used to salt the raw password to create the hash. Note that the crypt method is only supported on platforms that have the standard Python crypt module available.
For example:
sha1$a1976$a36cc8cbf81742a8fb52e221aaeab48ed7f58ab4The set_password() and check_password() functions handle the setting and checking of these values behind the scenes.
(reference: http://docs.djangoproject.com/en/dev/topics/auth/#passwords)