Django make_password 以编程方式创建大量用户列表太慢 [英] Django make_password too slow for creating large list of users programatically

问题描述

我需要在 Django 中以编程方式创建数百(可能是数千)用户.我正在使用类似的东西:

I need to create hundreds (possibly thousands) of users programatically in Django. I am using something like:

from django.contrib.auth.models import User
from django.contrib.auth.hashers import make_password
for username, email, pwd in big_user_list:
    m = User(username=username, email=email, password=make_password(pwd))
    m.save()

执行时间太长.我已经通过在没有密码的情况下运行上述脚本来确认 make_password 是罪魁祸首.

This is taking too long to execute. I've confirmed that make_password is the culprit by running the above script without passwords.

无论如何解决这个缓慢的问题，我真的需要这个脚本快速执行.

Is there anyway around this slowness issue, I really need this script to execute quickly.

推荐答案

您可以使用 django.contrib.auth.hashers.MD5PasswordHasher 作为初始密码.根据 关于 Django 如何存储密码的 Django 文档，

You could use the django.contrib.auth.hashers.MD5PasswordHasher for an initial password. As per Django docs on how Django stores passwords,

默认情况下，Django 使用带有 SHA256 哈希值的 PBKDF2 算法，一个NIST 推荐的密码拉伸机制.这应该是对大多数用户来说足够了:它非常安全，需要大量需要中断的计算时间.

By default, Django uses the PBKDF2 algorithm with a SHA256 hash, a password stretching mechanism recommended by NIST. This should be sufficient for most users: it’s quite secure, requiring massive amounts of computing time to break.

[...]

Django 通过查询 PASSWORD_HASHERS 选择算法环境.这是这个 Django 的散列算法类列表安装支持.此列表中的第一个条目(即settings.PASSWORD_HASHERS[0]) 将用于 [默认] 存储密码，以及所有其他条目是可用于检查现有的有效哈希密码. [...]

Django chooses the an algorithm by consulting the PASSWORD_HASHERS setting. This is a list of hashing algorithm classes that this Django installation supports. The first entry in this list (that is, settings.PASSWORD_HASHERS[0]) will be used [by default] to store passwords, and all the other entries are valid hashers that can be used to check existing passwords. [...]

PASSWORD_HASHERS 的默认值是:

The default for PASSWORD_HASHERS is:

PASSWORD_HASHERS = (
    'django.contrib.auth.hashers.PBKDF2PasswordHasher',
    'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
    'django.contrib.auth.hashers.BCryptPasswordHasher',
    'django.contrib.auth.hashers.SHA1PasswordHasher',
    'django.contrib.auth.hashers.MD5PasswordHasher',
    'django.contrib.auth.hashers.CryptPasswordHasher'
)

因此，您希望保持现在的默认值，但在开始时使用较弱的散列器；确保 MD5PasswordHasher 出现在列表中.然后使用

Thus you'd want to keep the default as it is now, but use a weaker hasher in the beginning; make sure that the MD5PasswordHasher is present in the list. Then use

make_password(pwd, None, 'md5')

最初生成一个普通的盐渍 MD5 密码；只要初始密码足够随机，这不会太弱.随着用户更改密码，他们的密码将使用更强的算法进行加密.

to generate a plain salted MD5 password initially; this will not be too weak provided that the initial password is random enough. As the users change their passwords, their passwords will be encrypted with a stronger algorithm.

这篇关于Django make_password 以编程方式创建大量用户列表太慢的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！