Re: [Zope-dev] zope.globalrequest?

2009-01-17 Thread Martin Aspeli
Dieter Maurer wrote: Christian Theune wrote at 2009-1-16 09:06 +0100: I noticed 'zope.globalrequest' on the PyPI RSS feed today and wonder about it. IMHO this implements an anti-pattern in an official way without a warning that this needs to be handled with care. IMHO, it is not an

[Zope-dev] Zope Tests: 8 OK

2009-01-17 Thread Zope Tests Summarizer
Summary of messages to the zope-tests list. Period Fri Jan 16 12:00:00 2009 UTC to Sat Jan 17 12:00:00 2009 UTC. There were 8 messages: 8 from Zope Tests. Tests passed OK --- Subject: OK : Zope-2.8 Python-2.3.7 : Linux From: Zope Tests Date: Fri Jan 16 20:53:04 EST 2009 URL:

[Zope-dev] Salt-weakness in zope.app.authentication passwordmanagers?

2009-01-17 Thread Uli Fouquet
Hi there, while working on a password manager tool (commandline) for Grok I stumbled over the usage of salts in the password managers of `zope.app.authentication`. In short, they seem to generate (and store) a salt number but do not make any use of it when it comes to creating the hashes (SHA1,

Re: [Zope-dev] Salt-weakness in zope.app.authentication passwordmanagers?

2009-01-17 Thread Dan Korostelev
Yeah, that's definitely a mistake! The hash needs to be generated using both salt and password. Also, I saw a technique when you generate a hash using double hashing, like this: sha(sha(password) + salt).hexdigest(). It looks even more secure :) BTW, to fix it, we need to remember about

Re: [Zope-dev] zope.globalrequest?

2009-01-17 Thread Robert Niederreiter
Hi, On Saturday, 17.01.2009, 11:36 +, Martin Aspeli wrote: Dieter Maurer wrote: Christian Theune wrote at 2009-1-16 09:06 +0100: I noticed 'zope.globalrequest' on the PyPI RSS feed today and wonder about it. IMHO this implements an anti-pattern in an official way without a

Re: [Zope-dev] Salt-weakness in zope.app.authentication passwordmanagers?

2009-01-17 Thread Wichert Akkerman
Previously Dan Korostelev wrote: Yeah, that's definitely a mistake! The hash needs to be generated using both salt and password. Also, I saw a technique when you generate a hash using double hashing, like this: sha(sha(password) + salt).hexdigest(). It looks even more secure :) Why would

Re: [Zope-dev] Salt-weakness in zope.app.authentication passwordmanagers?

2009-01-17 Thread Shane Hathaway
Uli Fouquet wrote: while working on a password manager tool (commandline) for Grok I stumbled over the usage of salts in the password managers of `zope.app.authentication`. In short, they seem to generate (and store) a salt number but do not make any use of it when it comes to creating the

Re: [Zope-dev] Salt-weakness in zope.app.authentication passwordmanagers?

2009-01-17 Thread Uli Fouquet
Hi Dan, thanks for your quick response. Dan Korostelev wrote: Yeah, that's definitely a mistake! The hash needs to be generated using both salt and password. Also, I saw a technique when you generate a hash using double hashing, like this: sha(sha(password) + salt).hexdigest(). It looks

Re: [Zope-dev] Zope Tests: 7 OK, 1 Unknown

2009-01-17 Thread Stefan H. Holek
That test seems to be timing out both yesterday and today trying to download docutils: do you think having the buildout use a download_cache would help? Tres. It certainly would. I am however reluctant to enable the download cache because it may mask incomplete buildout configurations.

Re: [Zope-dev] Salt-weakness in zope.app.authentication passwordmanagers?

2009-01-17 Thread Wichert Akkerman
Previously Uli Fouquet wrote: Hi Dan, thanks for your quick response. Dan Korostelev wrote: Yeah, that's definitely a mistake! The hash needs to be generated using both salt and password. Also, I saw a technique when you generate a hash using double hashing, like this:

Re: [Zope-dev] Zope Tests: 7 OK, 1 Unknown

2009-01-17 Thread Tres Seaver
Stefan H. Holek wrote: That test seems to be timing out both yesterday and today trying to download docutils: do you think having the buildout use a download_cache would help? Tres. It certainly would. I am however reluctant to enable the

Re: [Zope-dev] SVN: Products.GenericSetup/trunk/Products/GenericSetup/tests/common.py Hhm, pdb?!?

2009-01-17 Thread Tres Seaver
Hanno Schlichting wrote: Log message for revision 94810: Hhm, pdb?!? Changed: U Products.GenericSetup/trunk/Products/GenericSetup/tests/common.py -=- Modified: Products.GenericSetup/trunk/Products/GenericSetup/tests/common.py

Re: [Zope-dev] zope.globalrequest?

2009-01-17 Thread Dieter Maurer
Martin Aspeli wrote at 2009-1-17 11:36 +: Dieter Maurer wrote: Christian Theune wrote at 2009-1-16 09:06 +0100: I noticed 'zope.globalrequest' on the PyPI RSS feed today and wonder about it. IMHO this implements an anti-pattern in an official way without a warning that this needs to be