Django Pwned Passwords Validator

This package provides a password validator for Django that checks submitted passwords against the Pwned Passwords API.

To protect the password being checked, a range search is used: only the first 5 characters of the password's SHA-1 hash are sent to the API. The validator then looks for the full hash locally, in the range returned.
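
The range search described above, as a minimal offline sketch. This is an added example, not this package's code: `fetch_range` and `make_fake_service` are hypothetical names, and the breached passwords and counts are constructed sample data.

```python
import hashlib


def split_hash(password):
    """Return (prefix, suffix): the 5 hex chars that are sent, the 35 kept local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines of a range response into {suffix: count}."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        # Skip blank or malformed lines instead of failing the whole check.
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def pwned_count(password, fetch_range):
    """Breach count for the password, 0 if its suffix is not in the range.

    fetch_range(prefix) is a hypothetical callable returning the response
    body for a 5-character prefix; in production it would be an HTTPS GET.
    """
    prefix, suffix = split_hash(password)
    return parse_range(fetch_range(prefix)).get(suffix, 0)


def make_fake_service(breached, log):
    """Constructed stand-in for the remote service (no network access)."""
    def fetch_range(prefix):
        log.append(prefix)  # everything the remote side ever sees
        lines = ["0" * 35 + ":1"]  # constructed decoy entry in the same range
        for pw, count in breached.items():
            p, s = split_hash(pw)
            if p == prefix:
                lines.append(f"{s}:{count}")
        return "\r\n".join(lines)
    return fetch_range


def demo():
    log = []
    fetch = make_fake_service({"password": 42, "letmein": 7}, log)
    candidates = ("password", "correct horse battery staple")
    return {pw: pwned_count(pw, fetch) for pw in candidates}, log


if __name__ == "__main__":
    print(demo())
```

The `log` list records exactly what leaves the process: one 5-character prefix per check, never the password or its full hash.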

Installation

pip install django-pwned-validator

Modify your settings.py to install the app and enable the validator:

INSTALLED_APPS = [
    'pwned.apps.PwnedConfig',
    ...
]

AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'pwned.validators.PwnedValidator',
    },
    ...
]

Compatibility

Supports Django 2.2 to 3.2 on Python 3.5 to 3.8.