Hi,
I've read « Password Storage » section of Mozilla Security Guidelines :
https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Password_Storage
I look for a generic (and independent) python library to perform hash_password
and verify_password which follow this « Password storage »
Le 17/09/13 11:09, Stéphane Klein a écrit :
Is It the better Python standalone lib to perform hash and verify password ?
I see also https://pypi.python.org/pypi/passlib/
--
Stéphane Klein cont...@stephane-klein.info
blog: http://stephane-klein.info
Twitter: http://twitter.com/klein_stephane
Hi Stephane,
I'm not familiar with the Mozilla password hashing guidelines or the
two libraries you found, but have used this package for bcrypt:
https://pypi.python.org/pypi/py-bcrypt
hmac is part of the standard library, so you should be able to do
import hmac without having to install
Le 17/09/13 11:27, Jesaja Everling a écrit :
Hi Stephane,
I'm not familiar with the Mozilla password hashing guidelines or the
two libraries you found, but have used this package for bcrypt:
https://pypi.python.org/pypi/py-bcrypt
hmac is part of the standard library, so you should be
I use passlib for password hashing.
http://pythonhosted.org/passlib/
The documentation is quite good.
See here for bcrypt hashing:
http://pythonhosted.org/passlib/lib/passlib.hash.bcrypt.html?highlight=bcrypt#passlib.hash.bcrypt
On Tue, Sep 17, 2013 at 5:34 AM, Stéphane Klein
have a look at https://github.com/Pylons/shootout (using bcrypt)
or https://github.com/cleder/liches (salted bcrypt password hash)
On Tue, Sep 17, 2013 at 12:34 PM, Stéphane Klein
cont...@stephane-klein.info wrote:
Le 17/09/13 11:27, Jesaja Everling a écrit :
Hi Stephane,
I'm not familiar
Le 17/09/13 11:27, Jesaja Everling a écrit :
I'm not familiar with the Mozilla password hashing guidelines or the
two libraries you found, but have used this package for bcrypt:
https://pypi.python.org/pypi/py-bcrypt
What are the differences between
https://pypi.python.org/pypi/py-bcrypt
Am 17.09.2013 14:48, schrieb ian marcinkowski:
I use passlib for password hashing.
http://pythonhosted.org/passlib/
Another vote for passlib. Code and docs are exemplary.
-- Christoph
--
You received this message because you are subscribed to the Google Groups
pylons-discuss group.
To
On Tue, Sep 17, 2013 at 2:38 PM, Jonathan Vanasco jonat...@findmeon.comwrote:
def verify( hashed , password ):
if hash(password) == hashed : return True
return False
Your verify is vulnerable to timing attacks. :-)
--
You received this message because you are subscribed to
I'm happy with cryptacular
https://pypi.python.org/pypi/cryptacular/
having 'verify password' as a requirement is silly.
every verify password function i've seen is just a 2 line convenience
function like this:
def verify( hashed , password ):
if hash(password) == hashed : return
10 matches
Mail list logo