[Django]-Python md5 password value


the hash you put in there is a salted sha1 hexdigest as django (and probably many others) stores it by default.

the code to verify it is in contrib/auth/models.py. From there you can see that django works with md5 by default. All you have to do is to update the old hashes to the following form:


if your hashes aren’t salted yet leave the salt empty (md5$$<hash>), but update the hash to sha1 the next time the user performs a valid login.



I don’t think that oldpasswd_db is a MD5. It more looks like a combination of hash method (SHA1 in this case), a salt and the password hash itself.

Try to concatenate the salt value with the password:

import hashlib


It’s not md5, it’s sha1 – "sha1$xxx.

You’d have to use sha1 functions instead.
There is a documentation on this at http://docs.python.org/library/sha.html



to compare the value of your current password to the password stored in the database you can do:

import md5

input_password = request.POST['password']
md5_hashed_input_password = md5.new(input_password).hexdigest()
#comapre the value to that stored in db
if md5_hashed_input_password == db_password:  #password in db should be stored in md5 hash format
    print 'password match'
    print 'password mismatch'

Leave a comment