diff --git a/roundup/password.py b/roundup/password.py
index 92ada54a1fa8756e2d62ad6e9d5580efcbcad3ad..adb2cc4c5e1b6353076c497fea8ab2e3d49da518 100644 (file)
--- a/roundup/password.py
+++ b/roundup/password.py
"""
#TODO: code to migrate from old password schemes.
- known_schemes = [ "PBKDF2", "SHA", "MD5", "crypt", "plaintext" ]
+ deprecated_schemes = ["SHA", "MD5", "crypt", "plaintext"]
+ known_schemes = ["PBKDF2"] + deprecated_schemes
def __init__(self, plaintext=None, scheme=None, encrypted=None, strict=False):
"""Call setPassword if plaintext is not None."""
""" Password has insecure scheme or other insecure parameters
and needs migration to new password scheme
"""
- if self.scheme != 'PBKDF2':
+ if self.scheme in self.deprecated_schemes:
return True
rounds, salt, raw_salt, digest = pbkdf2_unpack(self.password)
if rounds < 1000:
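Review bot: In `needs_migration`, the new test `if self.scheme in self.deprecated_schemes:` replaces an allowlist (`!= 'PBKDF2'`) with a denylist, so any scheme value that is neither deprecated nor PBKDF2 now falls through to `pbkdf2_unpack(self.password)` instead of being reported as needing migration. The constructor shown in the first hunk defaults to `scheme=None`, so this path may be reachable for an object with no scheme set, though that depends on code outside the hunk. To keep the check fail-closed, I would leave the deprecated-scheme test as is and add `if self.scheme != "PBKDF2": return True  # unknown scheme: treat as needing migration` directly before the unpack. A short comment that any scheme later added to `known_schemes` needs its own parameter check here would also help. The function body continues past the end of this hunk.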