Hi Josh,
Josh Heitzman wrote:
I dug around a bit. What Unix systems used to use was called crypt. Some
are currently a salt + MD5, but apparently the better algorithm is
considered to be bcrypt, which includes a 128-bit salt and uses a
variable cycle encryption algorithm.
A Python
On Feb 1, 7:09 am, James Gardner [EMAIL PROTECTED] wrote:
This already exists actually. You just need to specify a custom
valid_password() function (or digest_password() if you are using HTTP
digest).
It is documented here:
http://authkit.org/docs/manual.html#basic-http-1-0-authentication
On 1/17/07, James Gardner [EMAIL PROTECTED] wrote:
Hi Josh,
It does HTTP digest authentication. What exactly did you have in mind?
Perhaps he means authentication that works with simple forms or basic,
but stores the password as sha1(salt + password). The credential would
then be stored as
Robert Sayre wrote:
Perhaps he means authentication that works with simple forms or basic,
but stores the password as sha1(salt + password). The credential would
then be stored as
username:salt:hexdigest
This is fairly standard practice, and provides decent security for
casual apps. It's
I dug around a bit. What Unix systems used to use was called crypt. Some
are currently a salt + MD5, but apparently the better algorithm is
considered to be bcrypt, which includes a 128-bit salt and uses a
variable cycle encryption algorithm.
A Python implementation of bcrypt can be had here
Does AuthKit have support for encrypted passwords?
If not, are there any plans to add such support?