I have a Django-based site (not yet launched, so there are no real users) using plain django.contrib.auth, and want to store passwords as plain text, not salted SHA-1 hashes.
The question is what's the best approach to do this, hopefully, without patching (or monkey-patching) Django source code?
NOTE: I know perfectly well that this is certainly less secure. Plaintext is required to perform challenge-response auth, like CHAP for PPTP VPN, DIGEST-MD5 for IMAP4 and HTTP Digest for WebDAV-based file storage. So, I'm trading DB-level security for connection-level security.
Of course, I'm considering educating and encouraging users on using X.509 certificates (and not having any passwords), but this is not so easy.
Reversibly encrypting (obfuscating) passwords, and using some sort of column-level permissions so the password will be INSERTable/UPDATEable, but not SELECTable by the web user (only accessible to some custom check function, like SELECT * FROM users WHERE 'somesha1hash' = USER_HMAC(id, 'salt')), so the passwords won't be "just there", is a good idea and I'll try to do it. Suggestions on securing plaintext data are warmly welcomed, but what I mostly want to hear is how to hack the way passwords are stored.
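To make concrete why the protocols named in the question need something other than a one-way hash on the server, here is an added example (editor's illustration, not code from the question or from Django) that walks both sides of HTTP Digest (RFC 2617, qop=auth) and CHAP (RFC 1994), and shows what the sha1$salt$hash format that django.contrib.auth produced by default looks like next to them. The HTTP Digest vector is the one in RFC 2617 section 3.5 (user Mufasa, realm testrealm@host.com); the CHAP identifier, challenge bytes and salt are constructed values.

```python
import hashlib
import hmac

# --- HTTP Digest (RFC 2617, qop=auth) ----------------------------------------

def h(*parts: str) -> str:
    """RFC 2617 H(): MD5 over the colon-joined fields, lowercase hex."""
    return hashlib.md5(":".join(parts).encode("utf-8")).hexdigest()

def digest_ha1(username: str, realm: str, password: str) -> str:
    """H(A1) = MD5(username:realm:password), a realm-bound password equivalent."""
    return h(username, realm, password)

def digest_response(ha1: str, method: str, uri: str, nonce: str,
                    nc: str, cnonce: str, qop: str = "auth") -> str:
    """Client side: response = MD5(H(A1):nonce:nc:cnonce:qop:H(A2))."""
    ha2 = h(method, uri)
    return h(ha1, nonce, nc, cnonce, qop, ha2)

def verify_digest(stored: str, stored_is_ha1: bool, username: str, realm: str,
                  method: str, uri: str, nonce: str, nc: str, cnonce: str,
                  response: str) -> bool:
    """Server side: recompute from either the plaintext password or a stored H(A1).
    Anything else (a salted SHA-1 of the password) cannot produce H(A1)."""
    ha1 = stored if stored_is_ha1 else digest_ha1(username, realm, stored)
    expected = digest_response(ha1, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, response)

# --- CHAP (RFC 1994) ------------------------------------------------------------

def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """Response = MD5(Identifier || secret || Challenge); the raw secret is an input."""
    return hashlib.md5(bytes([identifier]) + secret.encode("utf-8") + challenge).digest()

def verify_chap(secret: str, identifier: int, challenge: bytes, response: bytes) -> bool:
    """Server side: the authenticator must hold the same secret the peer used."""
    return hmac.compare_digest(chap_response(identifier, secret, challenge), response)

# --- What django.contrib.auth stored by default (sha1$salt$hexdigest) -----------

def salted_sha1(password: str, salt: str) -> str:
    """One-way: from this string neither H(A1) nor the CHAP input can be recovered."""
    digest = hashlib.sha1((salt + password).encode("utf-8")).hexdigest()
    return "sha1$%s$%s" % (salt, digest)

def run_example() -> dict:
    # RFC 2617 section 3.5 example vector.
    username, realm, password = "Mufasa", "testrealm@host.com", "Circle Of Life"
    nonce, cnonce, nc = "dcd98b7102dd2f0e8b11d0f600bfb0c093", "0a4f113b", "00000001"
    method, uri = "GET", "/dir/index.html"
    ha1 = digest_ha1(username, realm, password)
    resp = digest_response(ha1, method, uri, nonce, nc, cnonce)

    # Constructed CHAP exchange (identifier and challenge are made up for the demo).
    identifier, challenge = 0x2a, bytes(range(16))
    chap = chap_response(identifier, password, challenge)

    return {
        "digest_response": resp,
        "digest_ok_plaintext": verify_digest(password, False, username, realm,
                                             method, uri, nonce, nc, cnonce, resp),
        "digest_ok_ha1": verify_digest(ha1, True, username, realm,
                                       method, uri, nonce, nc, cnonce, resp),
        "digest_wrong_password": verify_digest("Hakuna Matata", False, username, realm,
                                               method, uri, nonce, nc, cnonce, resp),
        "chap_ok": verify_chap(password, identifier, challenge, chap),
        "chap_wrong": verify_chap("Hakuna Matata", identifier, challenge, chap),
        "django_default_record": salted_sha1(password, "a1b2c3"),  # constructed salt
    }

if __name__ == "__main__":
    for key, value in run_example().items():
        print(key, "=", value)
```

Two things the run makes visible: HTTP Digest can be verified from H(A1) alone, so a server only needs a per-realm password equivalent rather than the password itself, while CHAP's MD5(id || secret || challenge) takes the raw secret as input and cannot be checked from any one-way hash of it. Either way, the sha1$salt$hash record Django wrote by default is useless to both protocols, which is the constraint the question is working around.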