Dear all, I'm a little bit lost with Crypto method.
I need authentication from a mobile app towards web2py.
If I'm not in wrong, web2py now uses sha512 as default to crypt auth user
password.
>From my iOS app I'm sending the password encrypted with the same Hash
Algorithm sha512, because I don't want to send the password
clear through the net
>From web2py console I can do:
b='sha512$$83d97b71499bee6b9d42dee9d3a6e5d00ecc8c891346d25d1909b3aac9abaa0ad4864fe4eacf159cd3f4a0ad764178d014ac378dfffc5e4023f6dbcfb0992648'
where b is exactly my mobile password string that I'm sending to web2py
trough "Json"
>>> b
'sha512$$83d97b71499bee6b9d42dee9d3a6e5d00ecc8c891346d25d1909b3aac9abaa0ad4864fe4eacf159cd3f4a0ad764178d014ac378dfffc5e4023f6dbcfb0992648'
>>> a= CRYPT(digest_alg='sha512',salt=False)('pippo')[0]
now ,if I do a==b, it returns True
The problem is that I'm not able to compare auth.user password with my
mobile password!
Both are encrypted, with the same algorithm, but auth.login_bare(user,psw)
returns alway false because it wants clear-password
The solution to me appears that I have to compare the two encrypted
password, but may be on the wrong way.
Help please...
Marco
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
