Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Django make_password too slow for creating large list of users programatically

Tags:

python

django

django-models

I need to create hundreds (possibly thousands) of users programatically in Django. I am using something like:

from django.contrib.auth.models import User
from django.contrib.auth.hashers import make_password
for username, email, pwd in big_user_list:
    m = User(username=username, email=email, password=make_password(pwd))
    m.save()

This is taking too long to execute. I've confirmed that make_password is the culprit by running the above script without passwords.

Is there anyway around this slowness issue, I really need this script to execute quickly.

like image 962
Rabih Kodeih Avatar asked Aug 16 '13 12:08

Rabih Kodeih

1 Answers

You could use the django.contrib.auth.hashers.MD5PasswordHasher for an initial password. As per Django docs on how Django stores passwords,

By default, Django uses the PBKDF2 algorithm with a SHA256 hash, a password stretching mechanism recommended by NIST. This should be sufficient for most users: it’s quite secure, requiring massive amounts of computing time to break.

[...]

Django chooses the an algorithm by consulting the PASSWORD_HASHERS setting. This is a list of hashing algorithm classes that this Django installation supports. The first entry in this list (that is, settings.PASSWORD_HASHERS[0]) will be used [by default] to store passwords, and all the other entries are valid hashers that can be used to check existing passwords. [...]

The default for PASSWORD_HASHERS is:

PASSWORD_HASHERS = (
    'django.contrib.auth.hashers.PBKDF2PasswordHasher',
    'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
    'django.contrib.auth.hashers.BCryptPasswordHasher',
    'django.contrib.auth.hashers.SHA1PasswordHasher',
    'django.contrib.auth.hashers.MD5PasswordHasher',
    'django.contrib.auth.hashers.CryptPasswordHasher'
)

Thus you'd want to keep the default as it is now, but use a weaker hasher in the beginning; make sure that the MD5PasswordHasher is present in the list. Then use

make_password(pwd, None, 'md5')

to generate a plain salted MD5 password initially; this will not be too weak provided that the initial password is random enough. As the users change their passwords, their passwords will be encrypted with a stronger algorithm.

like image 124
Antti Haapala -- Слава Україні Avatar answered Sep 22 '22 23:09

Antti Haapala -- Слава Україні
Sign in to Comment

Related questions

how to get static files in Flask without url_for('static', file_name='xxx')
Timeout function using threading in python does not work
Sum between pairs of indices in 2d array
How to find shortest path in a weighted graph using networkx?
Add margin when plots run against the edge of the graph
Easily dumping variables from/to namespaces/dictionaries in Python
How do I convert a string of hexadecimal values to a list of integers?
Compositing two images with python wand
Update a dictionary with another dictionary, but only non-None values
Python - plotting large number of lines
How to initialize nested dictionaries in Python
how to append item to a global list from within a procedure
Substitute for numpy broadcasting using scipy.sparse.csc_matrix
Python, writing an integer to a '.txt' file
Matplotlib remove interpolation for missing data
Get ordered field names from peewee Model
student t confidence interval in python
System path error with PyQt and Py2exe
Why isn't the Dfun(gradient) called while using integrate.odeint in SciPy?
Combining two series in pandas along their index [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!