There is an algorithm, bcrypt [1], that was designed by people from the OpenBSD team for hashing passwords. It automatically generates a random salt for each raw password, and it's adaptable to future processor performance improvements.
[1] http://pypi.python.org/pypi/bcryptWrap

On 18 Feb, 19:45, Ben Bangert <[email protected]> wrote:
> On Feb 18, 2009, at 7:26 AM, [email protected] wrote:
>
> > Can you help me to provide Advanced Homegrown Auth with mysql md5
> > support (passwords in users.password table). Probably sources or
> > etc... I'm a beginner in pylons and can't understand the way to build using
> > this article
> > http://wiki.pylonshq.com/display/pylonscookbook/Advanced+Homegrown+Auth
>
> Note that you don't want to merely md5 the user's password with a
> private salt as that still enables rainbow table attacks
> (http://en.wikipedia.org/wiki/Rainbow_table).
> This is because you should generally assume that it might be
> possible for an attacker to get both the db contents, and your private
> salt. The generally recommended approach is to instead generate a
> random salt for each user, and store it with the hashed password. As
> md5 isn't very good nowadays due to its collision space, SHA is
> usually recommended.
>
> I store the unique salt as the first 40 characters, and the hashed
> value as the second 40. Here are the functions I use to do this in the
> PylonsHQ site:
> http://bitbucket.org/bbangert/kai/src/tip/kai/model/human.py#cl-68
>
> Cheers,
> Ben
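The two storage schemes discussed in this thread, side by side, as an added example that is not part of the original messages and is not the PylonsHQ code. The function names, the salt-then-password concatenation order, the `$`-separated record format and the round count are assumptions; standard-library PBKDF2 stands in for bcrypt (a third-party package) to show the adjustable work factor.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor; raise it as hardware gets faster

def hash_salted_sha1(password, salt_hex=None):
    """Layout from the quoted message: 40 hex chars of salt + 40 of SHA-1."""
    if salt_hex is None:
        salt_hex = os.urandom(20).hex()  # 20 random bytes -> 40 hex chars
    digest = hashlib.sha1((salt_hex + password).encode("utf-8")).hexdigest()
    return salt_hex + digest  # 80 characters in one column

def verify_salted_sha1(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    if len(stored) != 80:
        return False
    return hmac.compare_digest(hash_salted_sha1(password, stored[:40]), stored)

def hash_adaptive(password, rounds=PBKDF2_ROUNDS):
    """Adaptive variant: the cost is stored next to the salt and the hash."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return "pbkdf2_sha256$%d$%s$%s" % (rounds, salt.hex(), dk.hex())

def verify_adaptive(password, stored):
    """Parse the record, rerun the KDF with its own salt and cost."""
    try:
        scheme, rounds, salt_hex, dk_hex = stored.split("$")
        salt, rounds = bytes.fromhex(salt_hex), int(rounds)
    except ValueError:
        return False  # malformed record
    if scheme != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(dk.hex(), dk_hex)

def needs_rehash(stored, rounds=PBKDF2_ROUNDS):
    """True when a record was created with a lower cost than the current one."""
    return int(stored.split("$")[1]) < rounds

if __name__ == "__main__":
    # Constructed sample: two users who picked the same password.
    a, b = hash_salted_sha1("hunter2"), hash_salted_sha1("hunter2")
    print(a != b, verify_salted_sha1("hunter2", a))
    old = hash_adaptive("hunter2", rounds=1000)
    print(verify_adaptive("hunter2", old), needs_rehash(old))
```

Calling `needs_rehash` after a successful login lets the application re-hash the password at the current cost without forcing a reset.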
