Custom password hashes

RestAuth understands various hashing algorithms supported by Django, as well as a few custom hashing algorithms. You can configure the algorithms supported by RestAuth with the PASSWORD_HASHERS setting. This setting is a standard Django setting, but RestAuth supports a few additional hashers by default.

You can implement your own hashing algorithm if you intend to import data from a system not supported by RestAuth. If your hasher is the first hasher listed in PASSWORD_HASHERS, RestAuth will also store hashes using this algorithm. This is useful if you plan to later export data to such a system.

Available hash functions

RestAuth supports all hashers shipping with Django and additionally implements the following hashers.

class common.hashers.Drupal7Hasher

Hasher that understands hashes as created by Drupal7.

If you want to import hashes created by Drupal7, just prefix them with the string drupal7. For example, in PHP do:

$exported_hash = "drupal7" . $rawhash;

This class is only a slightly modified version of the PhpassHasher: it uses SHA-512, and its hashes start with $S$ instead of $P$.

class common.hashers.MediaWikiHasher

Returns hashes as stored in a MediaWiki user database. If salt is a string, the hash returned is the md5 hash of a concatenation of the salt, a dash (“-”), and the md5 hash of the password; otherwise it is identical to a plain md5 hash of the password.

Please see the official documentation for exact details.

class common.hashers.PhpassHasher

Hasher that understands hashes as created by phpass, the “portable PHP password hashing framework”. This system is most prominently used by WordPress and phpBB3.

If you want to import hashes created by phpass, just prefix them with the string phpass. For example, in PHP, do:

$exported_hash = "phpass" . $rawhash;

class common.hashers.Sha512Hasher

A basic sha512 hasher with salt.

This hasher implements the hashing algorithm that used to be the default before RestAuth 0.6.1.

common.hashers.import_hash(algorithm, hash)

Import a hash as given by the RestAuth import data format.

Raises ValueError if the hasher cannot be identified.

Implement your own hash functions

We use the password hashing mechanisms shipping with Django. If you want to implement your own hasher, you may want to read up on how Django stores passwords first. The official documentation is a little lacking on how to implement your own hashers, so here are a few additional instructions:

  • Your class should inherit from django.contrib.auth.hashers.BasePasswordHasher.
  • You must implement the algorithm property as well as the verify(), encode() and safe_summary() methods.
  • If you need to generate salts in a specific way, also implement the salt() method.

Here is the documentation for the base class shipping with Django:

class django.contrib.auth.hashers.BasePasswordHasher

Abstract base class for password hashers

When creating your own hasher, you need to override algorithm, verify(), encode() and safe_summary().

PasswordHasher objects are immutable.

encode(password, salt)

Creates an encoded database value

The result is normally formatted as “algorithm$salt$hash” and must be fewer than 128 characters.


safe_summary(encoded)

Returns a summary of safe values

The result is a dictionary and will be used where the password field must be displayed to construct a safe representation of the password.


salt()

Generates a cryptographically secure nonce salt in ASCII

verify(password, encoded)

Checks if the given password is correct


For examples on how to implement your own hashers, please look at the source code of the very simple common.hashers.Sha512Hasher.
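
As an added example (not RestAuth's own code), the following hasher applies the points above to the salted scheme described for MediaWiki hashes: the md5 hash of the salt, a dash and the md5 hash of the password, stored as “algorithm$salt$hash”. The class name and the example_mw prefix are made up for this example, and the fallback to object is an assumption that only lets the code run where Django is not installed.

```python
import hashlib
import hmac

try:
    from django.contrib.auth.hashers import BasePasswordHasher
except ImportError:  # assumption: fallback so the example runs without Django
    BasePasswordHasher = object


class ExampleMediaWikiStyleHasher(BasePasswordHasher):
    """Hypothetical hasher: md5(salt + "-" + md5(password)), hex-encoded."""

    algorithm = "example_mw"  # made-up prefix, not one that RestAuth ships

    def encode(self, password, salt):
        # "$" separates the fields, so a salt containing it would corrupt them.
        if not salt or "$" in salt:
            raise ValueError("salt must be non-empty and must not contain '$'")
        inner = hashlib.md5(password.encode("utf-8")).hexdigest()
        digest = hashlib.md5(f"{salt}-{inner}".encode("utf-8")).hexdigest()
        return f"{self.algorithm}${salt}${digest}"

    def verify(self, password, encoded):
        try:
            _algorithm, salt, _digest = encoded.split("$", 2)
            expected = self.encode(password, salt)
        except ValueError:
            return False  # malformed stored value: reject instead of raising
        # Comparing the whole string also rejects a foreign algorithm prefix;
        # compare_digest keeps the comparison constant-time.
        return hmac.compare_digest(encoded.encode("utf-8"), expected.encode("utf-8"))

    def safe_summary(self, encoded):
        algorithm, salt, digest = encoded.split("$", 2)
        # Mask most of the salt and hash; the result is used wherever the
        # password field has to be displayed.
        return {
            "algorithm": algorithm,
            "salt": salt[:2] + "*" * max(len(salt) - 2, 0),
            "hash": digest[:6] + "*" * max(len(digest) - 6, 0),
        }
```

Because the first hasher in PASSWORD_HASHERS is also used to store hashes, a hasher like this one belongs further down the list unless you plan to export data to a system that needs the format.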
