Django make_password对于以编程方式创建大量用户列表太慢了 [英] Django make_password too slow for creating large list of users programatically
问题描述
from django.contrib.auth.models import user
from django.contrib.auth .hashers在big_user_list中为username,email,pwd导入make_password
m =用户(username = username,email = email,password = make_password(pwd))
m.save()
执行时间太长。我已经确认,make_password是通过运行上述脚本而没有密码的罪魁祸首。
有没有关于这个缓慢的问题,我真的需要这个脚本来快速执行。 / p>
您可以使用 django.contrib.auth.hashers.MD5PasswordHasher 初始密码。根据关于Django如何存储密码的Django文档,
默认情况下,Django使用具有SHA256哈希的PBKDF2算法,NIST推荐的
密码拉伸机制。这对于大多数用户来说应该是
:这是非常安全的,需要大量的
的计算时间才能中断。
[...]
Django通过咨询PASSWORD_HASHERS
设置来选择一个算法。这是Django
安装支持的散列算法类的列表。 此列表中的第一个条目(即
settings.PASSWORD_HASHERS [0])将默认使用 存储密码,所有
其他条目是可用于检查现有
密码的有效哈希尔。 [...]
默认对于PASSWORD_HASHERS是:
PASSWORD_HASHERS =(
'django.contrib.auth.hashers.PBKDF2PasswordHasher',
'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
'django.contrib.auth.hashers.BCryptPasswordHasher',
'django.contrib.auth.hashers.SHA1PasswordHasher',
' django.contrib.auth.hashers.MD5PasswordHasher',
'django.contrib.auth.hashers.CryptPasswordHasher'
)
因此,您希望保持现在的默认值,但在开始时使用较弱的哈希值;确保列表中存在 MD5PasswordHasher 。然后使用
make_password(pwd,None,'md5')
最初生成一个简单的盐渍MD5密码;这不会太弱,只要初始密码是随机的。随着用户更改其密码,密码将被加密,使用更强大的算法。
I need to create hundreds (possibly thousands) of users programatically in Django. I am using something like:
from django.contrib.auth.models import User
from django.contrib.auth.hashers import make_password
for username, email, pwd in big_user_list:
m = User(username=username, email=email, password=make_password(pwd))
m.save()
This is taking too long to execute. I've confirmed that make_password is the culprit by running the above script without passwords.
Is there anyway around this slowness issue, I really need this script to execute quickly.
You could use the django.contrib.auth.hashers.MD5PasswordHasher for an initial password. As per Django docs on how Django stores passwords,
By default, Django uses the PBKDF2 algorithm with a SHA256 hash, a password stretching mechanism recommended by NIST. This should be sufficient for most users: it’s quite secure, requiring massive amounts of computing time to break.
[...]
Django chooses the an algorithm by consulting the PASSWORD_HASHERS setting. This is a list of hashing algorithm classes that this Django installation supports. The first entry in this list (that is, settings.PASSWORD_HASHERS[0]) will be used [by default] to store passwords, and all the other entries are valid hashers that can be used to check existing passwords. [...]
The default for PASSWORD_HASHERS is:
PASSWORD_HASHERS = ( 'django.contrib.auth.hashers.PBKDF2PasswordHasher', 'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher', 'django.contrib.auth.hashers.BCryptPasswordHasher', 'django.contrib.auth.hashers.SHA1PasswordHasher', 'django.contrib.auth.hashers.MD5PasswordHasher', 'django.contrib.auth.hashers.CryptPasswordHasher' )
Thus you'd want to keep the default as it is now, but use a weaker hasher in the beginning; make sure that the MD5PasswordHasher is present in the list. Then use
make_password(pwd, None, 'md5')
to generate a plain salted MD5 password initially; this will not be too weak provided that the initial password is random enough. As the users change their passwords, their passwords will be encrypted with a stronger algorithm.
这篇关于Django make_password对于以编程方式创建大量用户列表太慢了的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
