Please look at the shootout implementation of passwords. I added support for cryptacular there, hoping it might serve as a decent example for using bcrypt, etc. It'd damn easier than dealing with any hashing yourself.
https://github.com/Pylons/shootout/blob/master/shootout/models.py#L28 Michael On Mon, Apr 25, 2011 at 2:52 PM, Daniel Holth <dho...@gmail.com> wrote: > FULL PEDANTISM ON > > $6$ is a SHA-512-based algorithm developed by Ulrich Drepper of RedHat. It > performs 5000 rounds by default but it supports a rounds= parameter. The > algorithm is only based on SHA-512; each round is more work than SHA-512 by > itself. I prefer bcrypt but this algorithm was specifically developed for > the benefit of those whose list of approved algorithms only has SHA on it. > > On my Ubuntu system, I can also pass the $2a$ prefix to os.crypt() to get > bcrypt without installing anything, not even the far superior cryptacular > library which wraps a public-domain C implementation of bcrypt. > > /END PEDANTISM AND SHAMELESS SELF-PROMOTION > > Is the standard bcrypt work factor of 10 (2^10 rounds) really obsolete? > > -- > You received this message because you are subscribed to the Google Groups > "pylons-discuss" group. > To post to this group, send email to pylons-discuss@googlegroups.com. > To unsubscribe from this group, send email to > pylons-discuss+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/pylons-discuss?hl=en. > -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to pylons-discuss@googlegroups.com. To unsubscribe from this group, send email to pylons-discuss+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.