So, I've finished it off and submitted the patch to issue 85:

In absence of comments, I decided for backwards compatibility over  
standards compliance and used hex storage for the data.  I could  
modify this to switch to base64 for both, since the unsalted SHA1 hash  
is always 160 bits and would always end with an equals sign (which is  
unambiguously not hex).  This is not true for the salted version, so  
it might be a lost opportunity to switch to standard compliance...  I  
think I'll update my patch to support both, and let you choose between  

Douglas Mayle

On May 19, 2009, at 3:03 PM, Douglas Mayle wrote:

> On further inspection, it uses a hex form of the digest.  Is there any
> preference between that and RFC 2307 schemes, which use base64 for
> encoding?
> Doug
> On May 19, 2009, at 1:57 PM, Douglas Mayle wrote:
>> Hello all,
>>      I've noticed that the default_password_compare in uses
>> unsalted hashes, and so I was planning to submit a patch to fix that.
>> I figured, however, that it might be a good idea to provide a
>> default_password_hasher so that users of repoze.who could just import
>> that into their model and have the two work in conjunction.  Before I
>> did it, however, I wanted to make sure that there wasn't something I
>> was missing...
>> Thanks,
>> Douglas Mayle
>> _______________________________________________
>> Repoze-dev mailing list
> _______________________________________________
> Repoze-dev mailing list

Repoze-dev mailing list

Reply via email to