On 12 Dec 2012, at 11:31 AM, JoeCodeswell <[email protected]> wrote:
> Thanks, Jonathan. Thanks, Massimo.
>
> Web2py is a GREAT community.
Before we close this thread, I'd like to revisit the reason you were having
trouble in the first place. It shouldn't be necessary to use the same (or no)
salt on different installations for passwords to work correctly (as long as you
use the same key).
For example:
In [15]: CRYPT(salt=False)('dummy')[0].__str__()
Out[15]: 'pbkdf2(1000,20,sha512)$$9381f513faf7c848adb9b1d908b62a9391dc2db8'
In [16]: CRYPT(salt=True)('dummy')[0].__eq__('pbkdf2(1000,20,sha512)$$9381f513faf7c848adb9b1d908b62a9391dc2db8')
Out[16]: True
In [25]: CRYPT(salt='anyoldsalt')('dummy')[0].__eq__('pbkdf2(1000,20,sha512)$$9381f513faf7c848adb9b1d908b62a9391dc2db8')
Out[25]: True
All three CRYPT calls generate different salts and hashes, but the results
compare equal. Just be sure that you're using the CRYPT object's equality test,
and not merely comparing the hash strings.
>
> Thanks, again.
>
> Love and peace,
>
> Joe
>
> On Wednesday, December 12, 2012 10:38:10 AM UTC-8, Jonathan Lundell wrote:
> On 12 Dec 2012, at 10:30 AM, JoeCodeswell <[email protected]> wrote:
>> Dear Massimo and Jonathan,
>>
>> In my last post i said "I'm still not sure how to change my app instances,
>> however."
>>
>> I thought about it a little bit and my guess is that i should add
>>
>> db.auth_user.password.requires[0].salt = False
>>
>> someplace in db.py. Is that right?
>>
>> Thanks for the help.
>>
>> Love and peace,
>
> Either that or pass salt=False to the CRYPT constructor. Same effect.
>
>
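The behaviour discussed in this thread, as an added stand-alone example that is not part of the original messages and is not web2py's code: a stored value of the form `alg$salt$hash` carries its own salt, so verification re-derives with the stored salt, while comparing two freshly generated hash strings fails. The names `hash_password` and `verify` are hypothetical, the layout is modelled on the strings shown above, and the output is not claimed to match web2py's.

```python
import hashlib
import hmac
import os
import re

ALG = "pbkdf2(1000,20,sha512)"  # algorithm label as it appears in the thread


def _derive(password, salt, alg):
    # Parse "pbkdf2(iterations,keylen,digest)" and run PBKDF2 with those parameters.
    m = re.fullmatch(r"pbkdf2\((\d+),(\d+),(\w+)\)", alg)
    if not m:
        raise ValueError("unsupported algorithm: %r" % alg)
    iterations, keylen, digest = int(m.group(1)), int(m.group(2)), m.group(3)
    return hashlib.pbkdf2_hmac(
        digest, password.encode(), salt.encode(), iterations, keylen
    ).hex()


def hash_password(password, salt=True):
    # Hypothetical helper: salt=True draws a random salt, salt=False uses an
    # empty salt, and a string is used as the salt verbatim.
    if salt is True:
        salt = os.urandom(8).hex()
    elif salt is False:
        salt = ""
    return "%s$%s$%s" % (ALG, salt, _derive(password, salt, ALG))


def verify(password, stored):
    # Re-derive using the algorithm and salt recorded in the stored value, so
    # the salt setting of the installation doing the check does not matter.
    try:
        alg, salt, expected = stored.split("$")
        candidate = _derive(password, salt, alg)
    except ValueError:
        return False  # malformed stored value or unsupported algorithm
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    unsalted = hash_password("dummy", salt=False)
    salted = hash_password("dummy", salt=True)
    print(unsalted)
    print(salted)
    print("string comparison:", salted == unsalted)
    print("verify:", verify("dummy", unsalted), verify("dummy", salted))
    print("wrong password:", verify("wrong", salted))
```
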