"dcrespo" <[EMAIL PROTECTED]> writes: > > Can you say what your application is? That will help figure out > > how far you need to go to protect these passwords, and what > > alternatives might be possible. > > Sure, no problem (see this on fixed text):
Well, I mean, what kind of data is it? Sports chat? Personal correspondence? Financial info like credit card numbers? Medical records? Military/diplomatic traffic? I'm asking how severe the security requirements are. > All ClientServers log in supplying only one hashed password. It is > hashedly stored in MasterServer. Why do you want to do that? All of them get compromised if the one password is compromised. What do you mean by "password"? If it's not something a user has to remember and type in, then I hope you mean a long random string rather than a password. I sort of remember your mentioning this though. > All this is sustented over a VPN. If the VPN is any good, it should authenticate all the peers in some reasonable way, so why do you need this password stuff at all? -- http://mail.python.org/mailman/listinfo/python-list