Since revison 3049 in trunk (also merged into the 1.0 branch) you can specify custom algorithms in the config.
On 6/9/07, OldPond <[EMAIL PROTECTED]> wrote: > > The _init_.py initializer for the identity module shows support for md5 and > sha1 in the _encrypt_password method. It shouldn't be hard to extend that > method. It contains this comment: > > Hash the given password with the specified algorithm. Valid values > for algorithm are 'md5' and 'sha1'. All other algorithm values will > be essentially a no-op. > > Does that mean there is no planned support for other algorithms, or are > other algorithms just awaiting implementation? > > Mike > > -----Original Message----- > From: [email protected] [mailto:[EMAIL PROTECTED] On > Behalf Of Mikkel Høgh > Sent: Saturday, June 09, 2007 5:50 AM > To: TurboGears > Subject: [TurboGears] Securely hashed passwords > > > Hi there, > > I've been wondering how to implement securely hashed passwords in > TurboGears. According to this document here: > http://docs.turbogears.org/1.0/RoughDocs/IdentityEncryptedPassword > there is a mechanism for it (although misnamed - since hashing is not > encryption). > > Sadly the document in question claims that the only options are SHA1 > or MD5 - and since both of these are vulnerable to cracking, I was > wondering if its really true the only options are those two, since in > Python 2.5, support is built-in with hashlib for SHA224, SHA256, > SHA384, and SHA512 > > So, my question is - do we support this? If not, why? Is it hard to > implement?b > > > > > > > -- cheers elvelind grandin --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears?hl=en -~----------~----~----~----~------~----~------~--~---
