Hi,

I have a password in plain text and I want to check if it matches with the 
crypted password in auth_user.password field.

I have tried comparing auth_user.password with 
str(db.auth_user.password.validate(plain_password)[0]) with no success even 
when I know that the passwords match exactly.

The problem seems to boil down to the fact that encryption of the same 
string results in different encrypted strings. For example,
>>> from gluon.validators import CRYPT, LazyCrypt
>>> crypt = CRYPT()
>>> str(LazyCrypt(crypt, 'mysecret'))
'pbkdf2(1000,20,sha512)$a2a2ca127df6bc19$77bb5a3d129e2ce710daaefeefef8356c4c827ff'
>>> str(LazyCrypt(crypt, 'mysecret'))
'pbkdf2(1000,20,sha512)$a555a267249876fb$bc18f82b72a3a5ebce617f32d6abaa5c48734ab9'

What would be the correct way to check if passwords match when they are 
given in encrypted form?

Any hints are appreciated,
Pearu
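
Added example, not part of the original post and not web2py's own code: the two strings above differ because the middle field is a fresh random salt, so a check has to re-derive the hash with the salt stored in the database value rather than hash the password again. The sketch uses only the Python standard library; `make_hash` and `verify` are hypothetical helper names, and it assumes the salt field is fed to PBKDF2 as ASCII text and the last field is the hex-encoded derived key.

```python
import hashlib
import hmac
import os
import re

# Layout seen in the post: pbkdf2(<iterations>,<keylen>,<digest>)$<salt>$<hex hash>
_STORED = re.compile(r"^pbkdf2\((\d+),(\d+),(\w+)\)\$([0-9a-f]+)\$([0-9a-f]+)$")


def _derive(password, salt, iterations, keylen, alg):
    # Assumption: the salt is used as its ASCII text, not hex-decoded first.
    raw = hashlib.pbkdf2_hmac(alg, password.encode("utf-8"),
                              salt.encode("ascii"), iterations, keylen)
    return raw.hex()


def make_hash(password, iterations=1000, keylen=20, alg="sha512", salt=None):
    """Build a stored value; a new random salt is drawn unless one is given."""
    salt = salt or os.urandom(8).hex()
    digest = _derive(password, salt, iterations, keylen, alg)
    return "pbkdf2(%d,%d,%s)$%s$%s" % (iterations, keylen, alg, salt, digest)


def verify(password, stored):
    """Re-derive with the parameters and salt taken from the stored value."""
    m = _STORED.match(stored)
    if not m:
        return False  # unknown or damaged format: never treat as a match
    iterations, keylen, alg, salt, expected = m.groups()
    try:
        actual = _derive(password, salt, int(iterations), int(keylen), alg)
    except (ValueError, OverflowError):
        return False  # unsupported digest name or out-of-range parameter
    # Constant-time comparison so timing does not reveal how many
    # leading characters of the hash matched.
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    first = make_hash("mysecret")    # constructed sample values
    second = make_hash("mysecret")
    print(first != second)                 # different salts, different strings
    print(verify("mysecret", first), verify("mysecret", second))
    print(verify("not-the-password", first))
```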
