Paul Johnston wrote:
> By default, passwords are stored in the database without a salt. Usual
> practice is to use a salt, to make things harder for an attacker, just
> in case your password database is captured. The scheme I favor is
> storing hmac_sha1(hmac_sha1(master_salt, user_name), password).
> master_salt is a per-site value.

The SSHA algorithm, used by default in OpenLDAP, stores something 
simpler and just as secure AFAICT:

   (sha1(password, random_salt), random_salt)

It seems better to use a standard algorithm and not keep track of a 
master salt.

LDAP also provides a standard way to allow multiple password hashing 
schemes to coexist in a database.  Every password is prefixed with the 
scheme name in curly brackets.  So a typical password would look like:


I suggest repoze.who plugins, particularly the ZODB plugin, ought to 
adopt these standards.


Repoze-dev mailing list
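The SSHA layout and the `{SCHEME}` prefix convention described above, as an added example (not code from this thread or from repoze.who). It follows OpenLDAP's userPassword encoding, where the stored value is `{SSHA}` followed by base64(sha1(password || salt) || salt), and shows how the prefix lets `{SSHA}` and plain `{SHA}` entries coexist in one database. The 8-byte salt length and the function names are this example's own choices; the digest comparison uses a constant-time check.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # bytes in a SHA-1 digest; everything after it in {SSHA} is the salt


def make_ssha(password, salt=None):
    """Encode a password OpenLDAP-style: {SSHA} + base64(sha1(pw || salt) || salt).

    A fresh random salt is drawn when none is given; the salt is stored in the
    clear alongside the digest because the verifier needs it to recompute.
    """
    if salt is None:
        salt = os.urandom(8)  # salt length is an assumption of this example
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def make_sha(password):
    """Unsalted {SHA} form, kept only so the verifier can read legacy entries."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def split_scheme(stored):
    """Return (SCHEME, payload) from a '{SCHEME}payload' string."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("stored password has no {SCHEME} prefix")
    end = stored.index("}")
    return stored[1:end].upper(), stored[end + 1:]


def verify(password, stored):
    """Check a candidate password against a {SSHA} or {SHA} entry.

    Dispatching on the prefix is what allows several hashing schemes to live
    side by side in the same database, as the LDAP convention intends.
    """
    scheme, payload = split_scheme(stored)
    raw = base64.b64decode(payload)
    if scheme == "SSHA":
        expected, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
        candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    elif scheme == "SHA":
        expected = raw
        candidate = hashlib.sha1(password.encode("utf-8")).digest()
    else:
        raise ValueError("unsupported password scheme: " + scheme)
    # compare_digest avoids leaking where the two digests first differ
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    entry = make_ssha("correct horse")          # constructed sample password
    print(entry)                                # e.g. {SSHA}...base64...
    print(verify("correct horse", entry))       # True
    print(verify("wrong", entry))               # False
    print(verify("secret", make_sha("secret"))) # True: legacy {SHA} still verifies
```

Two encodings of the same password differ because each draws its own salt, which is the property the thread is after: an attacker holding the table cannot attack all users with one precomputed lookup.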