The _init_.py initializer for the identity module shows support for md5 and
sha1 in the _encrypt_password method. It shouldn't be hard to extend that
method. It contains this comment:
Hash the given password with the specified algorithm. Valid values
for algorithm are 'md5' and 'sha1'. All other algorithm values will
be essentially a no-op.
Does that mean there is no planned support for other algorithms, or are
other algorithms just awaiting implementation?
Mike
-----Original Message-----
From: [email protected] [mailto:[EMAIL PROTECTED] On
Behalf Of Mikkel Høgh
Sent: Saturday, June 09, 2007 5:50 AM
To: TurboGears
Subject: [TurboGears] Securely hashed passwords
Hi there,
I've been wondering how to implement securely hashed passwords in
TurboGears. According to this document here:
http://docs.turbogears.org/1.0/RoughDocs/IdentityEncryptedPassword
there is a mechanism for it (although misnamed - since hashing is not
encryption).
Sadly the document in question claims that the only options are SHA1
or MD5 - and since both of these are vulnerable to cracking, I was
wondering if its really true the only options are those two, since in
Python 2.5, support is built-in with hashlib for SHA224, SHA256,
SHA384, and SHA512
So, my question is - do we support this? If not, why? Is it hard to
implement?b
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"TurboGears" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/turbogears?hl=en
-~----------~----~----~----~------~----~------~--~---
