Yes, varchar(128). Here's the output of that command on both servers
from the terminal:
Production:
>>> import hmac
>>> import hashlib
>>> d= hmac.new('mykey','mypass',hashlib.sha512)
>>> d.hexdigest()
'485c79d8330897e613847f64333a0ccebd705b1902c4c4872cb1b7cc9ad856eb00e70dd11474b39282699a453dead6d86d6f482992778bb9166d9c920f9fa694'
Development:
>>> import hmac
>>> import hashlib
>>> d = hmac.new('mykey','mypass',hashlib.sha512)
>>> d.hexdigest()
'46fb33cd6220b470d7fecb3dfb547fb2501517ca9695f8527895d1a4a1e515c0a05c8c1f15bd6f0439848717af00bdde902b50be454dd81878a9fce362b2e501'
They're supposed to be the same, right? Or am I misunderstanding how
this works.
On Aug 23, 6:34 pm, mdipierro <mdipie...@cs.depaul.edu> wrote:
> I cannot reproduce any machine dependence. I tried:
>
> hmac.new('mykey','something',hashlib.sha512).hexdigest()
>
> How long is your password field. Is it 128 bytes?
>
> Massimo
>
> On Aug 23, 5:57 pm, "mr.freeze" <nat...@freezable.com> wrote:
>
> > I have a strange situation and I know virtually nothing about
> > cryptography. I am passing a key to my auth password requires
> > statement after the recent discussion on security strength like so:
>
> > if "login" in request.args:
> > t.password.requires = [CRYPT(key='mykey')]
> > else:
> > t.password.requires = [IS_STRONG(upper=1,number=1,special=1),CRYPT
> > (key='mykey')]
>
> > Here's the weird part: I have a dev server and a production server
> > that are both running web2py and pointed to the same MySQL database.
> > If I reset a user password from the dev server (retrieve_password), I
> > can only log in from the dev server after that. The same is true for
> > the production machine. Resetting from the production server reverses
> > the situation.
>
> > I have stepped through the code and verified that at line 779 in
> > tools.py user[passfield] is indeed different than form.vars.get
> > (passfield, '') (both look like valid password hashes) so user = None,
> > and thus login fails.
>
> > All I can figure is that the encryption is bound to the machine that
> > generated the password hash. I'm using the same version of Python and
> > web2py. Can someone verify or explain?
>
> > As always, thanks for your help.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To post to this group, send email to web2py@googlegroups.com
To unsubscribe from this group, send email to
web2py+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en
-~----------~----~----~----~------~----~------~--~---
