Monkey-patching stronger hash support into Django

auth.py

"""
from future import django_sha256_support

Monkey-patch SHA-256 support into Django's auth system. If Django ticket #5600
ever gets fixed, this can be removed.
"""
import hashlib
import random
import os

from django.contrib.auth import models as auth_models
from django.contrib.auth.backends import ModelBackend


def get_hexdigest(algorithm, salt, raw_password):
    """Generate SHA-256 hash."""
    if algorithm == 'sha256':
        return hashlib.sha256(salt + raw_password).hexdigest()
    else:
        return get_hexdigest_old(algorithm, salt, raw_password)
get_hexdigest_old = auth_models.get_hexdigest
auth_models.get_hexdigest = get_hexdigest


def set_password(self, raw_password):
    """Set SHA-256 password."""
    algo = 'sha256'
    salt = os.urandom(5).encode('hex')  # Random, 10-digit (hex) salt.
    hsh = get_hexdigest(algo, salt, raw_password)
    self.password = '$'.join((algo, salt, hsh))
auth_models.User.set_password = set_password


class Sha256Backend(ModelBackend):
    """
    Overriding the Django model backend without changes ensures our
    monkeypatching happens by the time we import auth.
    """
    pass

settings.py

AUTHENTICATION_BACKENDS = ('myapp.auth.Sha256Backend',)