By "salt from the DB" I meant that the User object (row in the db) includes a salt parameter, which is just 3 random characters generated by:
salt = ''.join([chr(random.randrange(32,126)) for i in range(3)]) and the hash of the cleartext password (that gets stored in the db) is generated by: hash = md5.md5(md5.md5(cleartext_password).hexdigest() + salt).hexdigest() I'm not sure how common this is, but it is used by vbulletin and I'm trying to interoperate with it. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears -~----------~----~----~----~------~----~------~--~---
