Reputation: 8653
I am using Django for password management and I understand that Django uses a one-way hash to store passwords. My application is using django.contrib.auth.hashers.PBKDF2PasswordHasher.
I have a table PasswordHistory where I save the last 10 passwords. Passwords are saved using Django hashing.
I want to restrict users from choosing a password with "n" or more characters present in a previous password. Right now, this is not possible, as I cannot get the password back from the hashed string.
Is there a way to do so using Django? Otherwise, I will have to save passwords using my own encryption/decryption logic. I know this is not a secure way, but it may be the last option I have.
Upvotes: 0
Views: 100
Reputation: 41119
No, this is not possible while using hashed passwords. The whole point of storing hashes is so that you don't store the passwords.
You can prevent exact matches with previous passwords, but not approximate/fuzzy matches.
Do not attempt to store passwords in a reversible state, encrypted or otherwise. There is a hall of shame for websites that do this. Encrypting the passwords is barely more secure than storing them in plaintext and, really, not secure at all. There's no good reason to do this.
Upvotes: 1
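The exact-match check the answer describes, written out as an added example that is not part of either post and not Django's own code: it re-derives the candidate password with each stored hash's salt and iteration count and compares the result in constant time, so the plaintext of old passwords is never needed and never stored. The encoding format (algorithm$iterations$salt$base64-digest) mirrors what Django's PBKDF2PasswordHasher writes, but everything here is implemented with the standard library so it runs without Django installed; the iteration count is deliberately low for a quick run, and the validator class and the PasswordHistory list of encoded strings are assumed shapes for illustration.

```python
import base64
import hashlib
import hmac
import secrets
import string
from typing import List, Optional

# Assumption: same on-disk layout as Django's PBKDF2PasswordHasher,
# "pbkdf2_sha256$<iterations>$<salt>$<base64 digest>".
ALGORITHM = "pbkdf2_sha256"
DEMO_ITERATIONS = 20_000  # kept low for a quick demo; use Django's default in production


def _random_salt(length: int = 22) -> str:
    """Alphanumeric salt; no '$' so it cannot collide with the field separator."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def make_password(password: str, salt: Optional[str] = None,
                  iterations: int = DEMO_ITERATIONS) -> str:
    """Return a Django-style encoded PBKDF2-SHA256 hash for *password*."""
    salt = salt or _random_salt()
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt.encode("ascii"), iterations)
    return f"{ALGORITHM}${iterations}${salt}${base64.b64encode(digest).decode('ascii')}"


def check_password(password: str, encoded: str) -> bool:
    """Re-derive with the stored salt/iterations and compare in constant time."""
    algorithm, iterations, salt, _stored = encoded.split("$", 3)
    if algorithm != ALGORITHM:
        raise ValueError(f"unsupported hasher: {algorithm}")
    candidate = make_password(password, salt=salt, iterations=int(iterations))
    return hmac.compare_digest(candidate.encode("ascii"), encoded.encode("ascii"))


class PasswordHistoryValidator:
    """Django-style validator shape (assumed): rejects a new password that
    exactly equals any of the user's last *history_length* stored hashes.
    Only exact reuse can be detected; a one-character variant produces an
    unrelated digest, which is precisely why fuzzy checks are impossible."""

    def __init__(self, history_length: int = 10):
        self.history_length = history_length

    def validate(self, password: str, history: List[str]) -> None:
        # history is the PasswordHistory table for this user, oldest first.
        recent = history[-self.history_length:]
        if any(check_password(password, encoded) for encoded in recent):
            raise ValueError("This password matches one of your recent passwords.")

    def get_help_text(self) -> str:
        return (f"Your password cannot be the same as any of your last "
                f"{self.history_length} passwords.")


def password_reused(password: str, history: List[str], history_length: int = 10) -> bool:
    """True if *password* exactly matches one of the recent stored hashes."""
    try:
        PasswordHistoryValidator(history_length).validate(password, history)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample history: three old passwords, each stored only as a hash.
    history = [make_password(p) for p in ("winter2019!", "hunter2", "correct horse")]
    print(password_reused("hunter2", history))   # exact reuse is caught
    print(password_reused("hunter3", history))   # near-miss is not, and cannot be
```

In a real project the validator would take the `user` argument Django passes to `validate()` and load that user's PasswordHistory rows itself; the list parameter here just keeps the example self-contained.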