Hi,
I've read « Password Storage » section of Mozilla Security Guidelines :
https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Password_Storage
I look for a generic (and independent) python library to perform hash_password
and verify_password which follow this « Password storage »
Le 17/09/13 11:09, Stéphane Klein a écrit :
Is It the better Python standalone lib to perform hash and verify password ?
I see also https://pypi.python.org/pypi/passlib/
--
Stéphane Klein cont...@stephane-klein.info
blog: http://stephane-klein.info
Twitter: http://twitter.com/klein_stephane
Hi Stephane,
I'm not familiar with the Mozilla password hashing guidelines or the
two libraries you found, but have used this package for bcrypt:
https://pypi.python.org/pypi/py-bcrypt
hmac is part of the standard library, so you should be able to do
import hmac without having to install
Le 17/09/13 11:27, Jesaja Everling a écrit :
Hi Stephane,
I'm not familiar with the Mozilla password hashing guidelines or the
two libraries you found, but have used this package for bcrypt:
https://pypi.python.org/pypi/py-bcrypt
hmac is part of the standard library, so you should be
I use passlib for password hashing.
http://pythonhosted.org/passlib/
The documentation is quite good.
See here for bcrypt hashing:
http://pythonhosted.org/passlib/lib/passlib.hash.bcrypt.html?highlight=bcrypt#passlib.hash.bcrypt
On Tue, Sep 17, 2013 at 5:34 AM, Stéphane Klein
have a look at https://github.com/Pylons/shootout (using bcrypt)
or https://github.com/cleder/liches (salted bcrypt password hash)
On Tue, Sep 17, 2013 at 12:34 PM, Stéphane Klein
cont...@stephane-klein.info wrote:
Le 17/09/13 11:27, Jesaja Everling a écrit :
Hi Stephane,
I'm not familiar
Le 17/09/13 11:27, Jesaja Everling a écrit :
I'm not familiar with the Mozilla password hashing guidelines or the
two libraries you found, but have used this package for bcrypt:
https://pypi.python.org/pypi/py-bcrypt
What are the differences between
https://pypi.python.org/pypi/py-bcrypt
Am 17.09.2013 14:48, schrieb ian marcinkowski:
I use passlib for password hashing.
http://pythonhosted.org/passlib/
Another vote for passlib. Code and docs are exemplary.
-- Christoph
--
You received this message because you are subscribed to the Google Groups
pylons-discuss group.
To
On Saturday, September 14, 2013 3:20:34 AM UTC-5, Chris McDonough wrote:
On 09/14/2013 03:32 AM, Wes Turner wrote:
https://www.PylonsProject.org seems to be returning a certificate for
www.blueleftistconstructor.com, which does not match the
www.pylonsproject.org domain name.
$
the ssl certificate was not renewed
I don't know if this looks more secure than a self-signed cert, or it would
be better to just not support HTTPS if the certificate is not correct.
We now have a rackspace account and all the hosting will be moved over
there.
OpenStack FTW. Thank You.
If
On Tue, Sep 17, 2013 at 2:38 PM, Jonathan Vanasco jonat...@findmeon.comwrote:
def verify( hashed , password ):
if hash(password) == hashed : return True
return False
Your verify is vulnerable to timing attacks. :-)
--
You received this message because you are subscribed to
I'm happy with cryptacular
https://pypi.python.org/pypi/cryptacular/
having 'verify password' as a requirement is silly.
every verify password function i've seen is just a 2 line convenience
function like this:
def verify( hashed , password ):
if hash(password) == hashed : return
Hi.
I have a UserFactory that I use for traversal of urls like /u/{id}. What
I would like to do is return a 403 for a user that does not exist
instead of raising a KeyError which returns a 404.
Is there any way to do that?
Thanks.
AM
--
You received this message because you are subscribed
13 matches
Mail list logo
