Dieter Maurer wrote:
> Christian Theune wrote at 2009-1-16 09:06 +0100:
>> I noticed 'zope.globalrequest' on the PyPI RSS feed today and wonder
>> about it. IMHO this implements an anti-pattern in an official way
>> without a warning that this needs to be handled with care.
>
> IMHO, it is not an
Summary of messages to the zope-tests list.
Period Fri Jan 16 12:00:00 2009 UTC to Sat Jan 17 12:00:00 2009 UTC.
There were 8 messages: 8 from Zope Tests.
Tests passed OK
---
Subject: OK : Zope-2.8 Python-2.3.7 : Linux
From: Zope Tests
Date: Fri Jan 16 20:53:04 EST 2009
URL: http://m
Hi there,
while working on a password manager tool (commandline) for Grok I
stumbled over the usage of salts in the password managers of
`zope.app.authentication`.
In short, they seem to generate (and store) a salt number but do not
make any use of it when it comes to creating the hashes (SHA1, M
Yeah, that's definetely a mistake! The hash needs to be generated
using both salt and password.
Also, I saw a technique when you generate a hash using double hashing,
like this: sha(sha(password) + salt).hexdigest(). It looks even more
secure :)
BTW, to fix it, we need to remember about migration
Hi,
Am Samstag, den 17.01.2009, 11:36 + schrieb Martin Aspeli:
> Dieter Maurer wrote:
> > Christian Theune wrote at 2009-1-16 09:06 +0100:
> >> I noticed 'zope.globalrequest' on the PyPI RSS feed today and wonder
> >> about it. IMHO this implements an anti-pattern in an official way
> >> witho
Previously Dan Korostelev wrote:
> Yeah, that's definetely a mistake! The hash needs to be generated
> using both salt and password.
>
> Also, I saw a technique when you generate a hash using double hashing,
> like this: sha(sha(password) + salt).hexdigest(). It looks even more
> secure :)
Why wo
Uli Fouquet wrote:
> while working on a password manager tool (commandline) for Grok I
> stumbled over the usage of salts in the password managers of
> `zope.app.authentication`.
>
> In short, they seem to generate (and store) a salt number but do not
> make any use of it when it comes to creating
Hi Dan,
thanks for your quick response.
Dan Korostelev wrote:
> Yeah, that's definetely a mistake! The hash needs to be generated
> using both salt and password.
>
> Also, I saw a technique when you generate a hash using double hashing,
> like this: sha(sha(password) + salt).hexdigest(). It look
>
> That test seems to be timing out both yesterday and today trying to
> download docutils: do you think having the buildout use a
> download_cache would help?
>
>
> Tres.
It certainly would. I am however reluctant to enable the download
cache because it may mask incomplete buildout configurat
Previously Uli Fouquet wrote:
> Hi Dan,
>
> thanks for your quick response.
>
> Dan Korostelev wrote:
> > Yeah, that's definetely a mistake! The hash needs to be generated
> > using both salt and password.
> >
> > Also, I saw a technique when you generate a hash using double hashing,
> > like th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Stefan H.Holek wrote:
>> That test seems to be timing out both yesterday and today trying to
>> download docutils: do you think having the buildout use a
>> download_cache would help?
>>
>>
>> Tres.
>
> It certainly would. I am however reluctant to e
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hanno Schlichting wrote:
> Log message for revision 94810:
> Hhm, pdb?!?
>
> Changed:
> U Products.GenericSetup/trunk/Products/GenericSetup/tests/common.py
>
> -=-
> Modified: Products.GenericSetup/trunk/Products/GenericSetup/tests/common.py
>
Martin Aspeli wrote at 2009-1-17 11:36 +:
>Dieter Maurer wrote:
>> Christian Theune wrote at 2009-1-16 09:06 +0100:
>>> I noticed 'zope.globalrequest' on the PyPI RSS feed today and wonder
>>> about it. IMHO this implements an anti-pattern in an official way
>>> without a warning that this need
13 matches
Mail list logo