New submission from Douglas Mayle <>:

The SQL Authenticator uses unsalted hashes by default, which are susceptible to
attacks like rainbow tables. I'm including a patch to add support, with tests.
In addition, it's useful to have a default implementation of the hash function,
so I've added that.

files: repozewho_salted_hashes.diff
messages: 201
nosy: douglas
priority: urgent
status: unread
title: Repoze.who should support salted hashes for the sqlauthenticator
topic: repoze.who

Repoze Bugs <>

Attachment: repozewho_salted_hashes.diff
Description: Binary data

Repoze-dev mailing list
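
The difference between unsalted and salted password storage, as an added example that is not part of the original submission or the attached patch. It assumes a comparison function taking (cleartext, stored hash); the names, the stored-string format and the choice of PBKDF2-HMAC-SHA256 are this example's assumptions, not the patch's scheme.

```python
import hashlib
import hmac
import os
from base64 import b64decode, b64encode

PREFIX = "{PBKDF2-SHA256}"   # assumed scheme tag for stored values
ITERATIONS = 200_000         # assumed work factor
SALT_LEN = 16                # bytes of random salt per password


def unsalted_sha1(password):
    """Weak scheme: equal passwords always give equal digests, so one
    precomputed table can be reused against every stored row."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None):
    """Return 'PREFIX iterations$salt$digest' with a fresh random salt."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "%s%d$%s$%s" % (
        PREFIX, ITERATIONS,
        b64encode(salt).decode("ascii"), b64encode(digest).decode("ascii"))


def salted_compare(cleartext, stored):
    """Hypothetical compare function: True only if cleartext matches."""
    if not stored.startswith(PREFIX):
        return False
    try:
        iters, salt_b64, digest_b64 = stored[len(PREFIX):].split("$")
        iters = int(iters)
        salt = b64decode(salt_b64, validate=True)
        expected = b64decode(digest_b64, validate=True)
    except ValueError:       # wrong field count, bad integer, bad base64
        return False
    if iters < 1 or not salt or not expected:
        return False
    actual = hashlib.pbkdf2_hmac(
        "sha256", cleartext.encode("utf-8"), salt, iters)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(actual, expected)
```
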