Password management is something that should generally not be reinvented unnecessarily, and Django endeavors to provide a secure and flexible set of tools for managing user passwords. This document describes how Django stores passwords, how the storage hashing can be configured, and some utilities to work with hashed passwords.
Django provides a flexible password storage system and uses PBKDF2 (for more information visit http://en.wikipedia.org/wiki/PBKDF2) by default. The password attribute of a User object is a string in this format:
<algorithm>$<iterations>$<salt>$<hash>
These are the components used for storing a User's password, separated by the dollar-sign character: the hashing algorithm, the number of algorithm iterations (work factor), the random salt, and the resulting password hash.
The algorithm is one of a number of one-way hashing or password storage algorithms Django can use...
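The following added example (not Django's own code) parses a stored string in the format above and re-derives the hash with the standard library to check a candidate password. It assumes the algorithm name pbkdf2_sha256, a salt used as ASCII text, and a base64-encoded hash; the function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac
from typing import NamedTuple


class StoredPassword(NamedTuple):
    algorithm: str
    iterations: int
    salt: str
    hash: str


def parse_stored(encoded: str) -> StoredPassword:
    """Split '<algorithm>$<iterations>$<salt>$<hash>' into its four fields."""
    parts = encoded.split("$", 3)
    if len(parts) != 4 or not all(parts):
        raise ValueError("expected four non-empty '$'-separated fields")
    algorithm, iterations, salt, digest = parts
    if not (iterations.isascii() and iterations.isdigit()) or int(iterations) < 1:
        raise ValueError("iterations must be a positive integer")
    return StoredPassword(algorithm, int(iterations), salt, digest)


def encode(password: str, salt: str, iterations: int) -> str:
    """Derive PBKDF2-HMAC-SHA256 and emit the four-field storage string."""
    raw = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt.encode("ascii"), iterations
    )
    digest = base64.b64encode(raw).decode("ascii")
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, digest)


def verify(password: str, encoded: str) -> bool:
    """Recompute with the stored salt and work factor, compare in constant time."""
    stored = parse_stored(encoded)
    if stored.algorithm != "pbkdf2_sha256":
        raise ValueError("unsupported algorithm: %s" % stored.algorithm)
    candidate = encode(password, stored.salt, stored.iterations)
    return hmac.compare_digest(candidate.encode("ascii"), encoded.encode("ascii"))


if __name__ == "__main__":
    # Constructed sample: the salt and the low iteration count are for demonstration only.
    sample = encode("correct horse", "constructedsalt", 1000)
    print(parse_stored(sample))
    print(verify("correct horse", sample), verify("wrong guess", sample))
```

Because the salt and iteration count travel with the hash, verification needs no external state, and a record whose iteration count is below current policy can be identified from the parsed fields alone.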