Django password hashing and hashers

django passwords

Current default hashing algorithm:

PASSWORD_HASHERS = [
    'django.contrib.auth.hashers.PBKDF2PasswordHasher',
    'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
    'django.contrib.auth.hashers.Argon2PasswordHasher',
    'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
    'django.contrib.auth.hashers.ScryptPasswordHasher',
]

Argon2 would currently be the preferred one, followed by Scrypt. Scrypt requires openssl 1.1+ and Argon2 requires pip install argon2-cffi.

You might be interested in these notes:

  • Couldn't find similar notes.