On Feb 7, 2010, at 12:10 PM, mr.freeze wrote: > Looking at CRYPT, if you provide a key but not a digest algorithm, it > will try to get the digest alg by splitting the key between a colon. > So you could say: > > auth.settings.hmac_key = 'sha512:%s' % vpepm_hmac_key
That did the trick. Thanks, I hadn't noticed the split. Massimo, that's contrary to the documentation. > > On Feb 7, 1:44 pm, Jonathan Lundell <jlund...@pobox.com> wrote: >> I've got this (where the key is a text string): >> >> from gluon.tools import * >> auth=Auth(globals(),db) # authentication/authorization >> auth.settings.hmac_key = vpepm_hmac_key >> auth.define_tables() # creates all needed tables >> >> # invoke IS_STRONG only for password creation, not password checking >> if "login" not in request.args: >> auth.settings.table_user.password.requires += [IS_STRONG(min=8, max=0, >> upper=1, lower=1, number=1, special=1)] >> >> All my logins are failing with a bad password. I've got a sha512 hash in my >> user database (manually initialized), but the login form is returning an md5 >> hash, presumably because digest_alg is set to md5. The manual says, "If a >> key is specified it uses the HMAC+SHA512 with the provided key," but I don't >> see where digest_alg is ever set to sha512. >> >> Is there a bug, or am I doing something wrong? -- You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to web...@googlegroups.com. To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/web2py?hl=en.