I dug around a bit.  What Unix systems used to use was called crypt.  Some
are currently a salt + MD5, but apparently the better algorithm is
considered to be bcrypt, which includes a 128-bit salt and uses a
variable cycle encryption algorithm.

A Python implementation of bcrypt can be had here
http://www.mindrot.org/projects/py-bcrypt, but perhaps all AuthKit needs
is a mechanism for the client to specify a function it should call to
compare a submitted password to a stored password.  By default AuthKit
would supply a function that just did a straight comparison, keeping
the default behavior as it is now, but allowing the client to override
that with whatever password encryption scheme they prefer.

Sound reasonable?
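
A sketch of the comparison hook proposed in the message above, added here as an example; it is not part of the original message and is not AuthKit's API. `Authenticator`, `plain_compare`, `pbkdf2_compare` and the `pbkdf2$...` storage format are hypothetical names, and salted PBKDF2 from the standard library stands in for bcrypt so the code runs without third-party packages.

```python
import hashlib
import hmac
import os


def plain_compare(submitted, stored):
    """Default hook: straight comparison of submitted and stored password."""
    return hmac.compare_digest(submitted.encode(), stored.encode())


def hash_password(password, iterations=200_000):
    """Build a stored value 'pbkdf2$<iterations>$<salt hex>$<hash hex>' (128-bit salt)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2$%d$%s$%s" % (iterations, salt.hex(), digest.hex())


def pbkdf2_compare(submitted, stored):
    """Override hook: re-derive the hash from the stored salt and cost, then compare."""
    try:
        scheme, iterations, salt_hex, hash_hex = stored.split("$")
        if scheme != "pbkdf2":
            return False
        digest = hashlib.pbkdf2_hmac(
            "sha256", submitted.encode(), bytes.fromhex(salt_hex), int(iterations)
        )
        expected = bytes.fromhex(hash_hex)
    except (ValueError, OverflowError):
        # Malformed stored value: fail closed instead of raising.
        return False
    return hmac.compare_digest(digest, expected)


class Authenticator:
    """Hypothetical stand-in for the framework side that calls the hook."""

    def __init__(self, users, compare=plain_compare):
        self.users = users      # username -> stored password value
        self.compare = compare  # callable(submitted, stored) -> bool

    def authenticate(self, username, password):
        stored = self.users.get(username)
        if stored is None:
            return False
        return bool(self.compare(password, stored))
```

The default keeps the straight comparison, and passing `compare=pbkdf2_compare` switches the same `Authenticator` to salted hashes without changing how it is called.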

