What is the format in which Django passwords are stored in the database?

执笔经年 2020-12-07 20:41

You know how django passwords are stored like this:

sha1$a1976$a36cc8cbf81742a8fb52e221aaeab48ed7f58ab4

and that is the "hashtype $salt $

3 answers
  •  春和景丽
    2020-12-07 21:22

    For a long time, until version 1.3, Django indeed followed the irresponsible practice of using a plain single iteration of SHA1, with a salt that was too short, to store password information. That approach has been out of date since 1979. Any passwords still stored that way are highly vulnerable to brute force attack. For reasons why, see Security Stackexchange on password hashing

    Since version 1.4 in 2012, Django has a default hashing algorithm based on a good, standard key derivation function, PBKDF2, with a configurable number of iterations, whose default increases with each release (20000 in version 1.7). It also provides bcrypt support, and is backwards compatible with earlier releases, automatically upgrading password hashes when users log in. See more at Password management in Django | Django documentation
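The two storage layouts described in the answer above, as an added example that is not part of the original answer and is not Django's own code: it rebuilds a legacy `sha1$salt$hash` value and a `pbkdf2_sha256$iterations$salt$hash` value with `hashlib`, verifies a password against either, and flags rows that should be re-hashed. The function names, the sample password and the salt `Zx3kQ9` are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

MIN_PBKDF2_ITERATIONS = 20000  # the 1.7 default quoted in the answer; raise for newer releases


def make_sha1(password, salt):
    """Legacy layout: sha1$<salt>$<hex of SHA1(salt + password)>."""
    digest = hashlib.sha1((salt + password).encode()).hexdigest()
    return "sha1$%s$%s" % (salt, digest)


def make_pbkdf2(password, salt, iterations):
    """PBKDF2 layout: pbkdf2_sha256$<iterations>$<salt>$<base64 of the derived key>."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, base64.b64encode(key).decode())


def verify(password, encoded):
    """Recompute the hash with the stored parameters and compare in constant time."""
    algorithm, rest = encoded.split("$", 1)
    if algorithm == "sha1":
        salt, _ = rest.split("$", 1)
        candidate = make_sha1(password, salt)
    elif algorithm == "pbkdf2_sha256":
        iterations, salt, _ = rest.split("$", 2)
        candidate = make_pbkdf2(password, salt, int(iterations))
    else:
        raise ValueError("unsupported algorithm: " + algorithm)
    return hmac.compare_digest(candidate, encoded)


def needs_upgrade(encoded):
    """True for rows that should be re-hashed at the user's next successful login."""
    algorithm, rest = encoded.split("$", 1)
    if algorithm != "pbkdf2_sha256":
        return True  # this sketch accepts only pbkdf2_sha256; sha1 rows land here
    return int(rest.split("$", 1)[0]) < MIN_PBKDF2_ITERATIONS


# Constructed sample rows (password and salts chosen for this example).
LEGACY = make_sha1("correct horse", "a1976")
WEAK = make_pbkdf2("correct horse", "Zx3kQ9", 1000)
CURRENT = make_pbkdf2("correct horse", "Zx3kQ9", 20000)
```

Running `needs_upgrade` over the password column of an exported user table gives a count of accounts still on the pre-1.4 format or on an outdated iteration count.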
