Okay, done... I recommend the base64 version, as it's backwards compatible and standards compliant...
Doug On May 19, 2009, at 4:36 PM, Douglas Mayle wrote: > So, I've finished it off and submitted the patch to issue 85: > http://bugs.repoze.org/issue85 > > In absence of comments, I decided for backwards compatibility over > standards compliance and used hex storage for the data. I could > modify this to switch to base64 for both, since the unsalted SHA1 hash > is always 160 bits and would always end with an equals sign (which is > unambiguously not hex). This is not true for the salted version, so > it might be a lost opportunity to switch to standard compliance... I > think I'll update my patch to support both, and let you choose between > them... > > Douglas Mayle > > On May 19, 2009, at 3:03 PM, Douglas Mayle wrote: > >> On further inspection, it uses a hex form of the digest. Is there >> any >> preference between that and RFC 2307 schemes, which use base64 for >> encoding? >> >> Doug >> >> On May 19, 2009, at 1:57 PM, Douglas Mayle wrote: >> >>> Hello all, >>> I've noticed that the default_password_compare in sql.py uses >>> unsalted hashes, and so I was planning to submit a patch to fix >>> that. >>> I figured, however, that it might be a good idea to provide a >>> default_password_hasher so that users of repoze.who could just >>> import >>> that into their model and have the two work in conjunction. >>> Before I >>> did it, however, I wanted to make sure that there wasn't something I >>> was missing... >>> >>> Thanks, >>> Douglas Mayle >>> _______________________________________________ >>> Repoze-dev mailing list >>> Repoze-dev@lists.repoze.org >>> http://lists.repoze.org/listinfo/repoze-dev >> >> _______________________________________________ >> Repoze-dev mailing list >> Repoze-dev@lists.repoze.org >> http://lists.repoze.org/listinfo/repoze-dev > > _______________________________________________ > Repoze-dev mailing list > Repoze-dev@lists.repoze.org > http://lists.repoze.org/listinfo/repoze-dev _______________________________________________ Repoze-dev mailing list Repoze-dev@lists.repoze.org http://lists.repoze.org/listinfo/repoze-dev
