[[Security]]
 

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

security [2011/05/03 10:30]
dblume created
security [2015/11/08 17:00] (current)
dblume
Line 1: Line 1:
-===== Security =====+====== Security =====
 + 
 +===== Google ===== 
 + 
 +Quick links in case you need to verify things: 
 + 
 +  * [[https://myaccount.google.com/security?pli=1|Security Home]] 
 +  * [[https://security.google.com/settings/security/permissions|Connected Apps]] 
 +  * [[https://security.google.com/settings/security/apppasswords|One time app passwords]] 
 + 
 +===== General Security ===== 
 + 
 +[[http://www.shamusyoung.com/twentysidedtale/?p=11523|Shamus attempts to explain hashing]] then [[http://codahale.com/how-to-safely-store-a-password/|Use bcrypt to store passwords]].  
 + 
 +Consider [[http://code.google.com/p/py-bcrypt/|py-bcrypt]] at code.google.  No documentation there, yet. [[http://www.mindrot.org/projects/py-bcrypt/|Old documentation]]. 
 + 
 +At the bottom of this page, is the compiler used to make Python 2.6 and 2.7 [[http://www.microsoft.com/visualstudio/en-us/products/2010-editions/express#Visual_Studio_2008_Express_Downloads|Visual Studio 2008 Express]]. 
 + 
 +On Windows, you'll have to make the following change: 
 +<code> 
 +$ diff bcrypt_python.c.org bcrypt_python.c 
 +70a71,72 
 +>       char *password_copy; 
 +>       char *salt_copy; 
 +76,77c78,79 
 +<       char *password_copy = strdup(password); 
 +<       char *salt_copy = strdup(salt); 
 +--- 
 +>       password_copy = strdup(password); 
 +>       salt_copy = strdup(salt); 
 +</code> 
 + 
 +Then you can build it with setup, like so: 
 + 
 +<code> 
 +c:\Python27\python.exe setup.py build 
 +</code> 
 + 
 +<code> 
 +import bcrypt 
 + 
 +# Hash a password for the first time, with a randomly-generated salt 
 +hashed = bcrypt.hashpw(password, bcrypt.gensalt()) 
 + 
 +# gensalt's log_rounds parameter determines the complexity. 
 +# The work factor is 2**log_rounds, and the default is 12 
 +hashed = bcrypt.hashpw(password, bcrypt.gensalt(10)) 
 + 
 +# Check that an unencrypted password matches one that has 
 +# previously been hashed 
 +if bcrypt.hashpw(password, hashed) == hashed: 
 +    print "It matches" 
 +else: 
 +    print "It does not match" 
 +</code>
  
-[[http://www.shamusyoung.com/twentysidedtale/?p=11523|Shamus attempts to explain hashing]] then [[http://codahale.com/how-to-safely-store-a-password/|Use bcrypt to store passwords]]. 
  
 Never use passwords whose unsalted MD5 hash can be looked up here: [[http://md5.gromweb.com/]] Never use passwords whose unsalted MD5 hash can be looked up here: [[http://md5.gromweb.com/]]
  
-[[http://eli.thegreenplace.net/2010/06/25/aes-encryption-of-files-in-python-with-pycrypto/|AES encryption of files in Python with PyCrypto]]+[[http://eli.thegreenplace.net/2010/06/25/aes-encryption-of-files-in-python-with-pycrypto/|AES encryption of files in Python with PyCrypto]]. Note that pycrypto-2.3 can be built with the same ''c:\Python27\python.exe setup.py build'' mechanism. 
 + 
 +Someone suggested [[wp>Whirlpool_(cryptography)]], it's offered in [[http://labix.org/python-mhash|mhash]], and a pure-python implementation from Bjorn Edstrom <be@bjrn.se> 16 december 2007 is here [[http://www.bjrn.se/code/whirlpoolpy.txt]]. 
 + 
 +==== Verification ==== 
 + 
 +Maybe I should try to automate a way to verify the SHA1 Checksums of PGP signatures and upon success, verify the PHP signatures.  Here's an old recipe: [[http://dannyman.toldme.com/2007/03/30/howto-verify-pgp-signature/|HOWTO: Verify a PGP Signature]].
  
-Someone suggested [[wp>Whirlpool_(cryptography)]]+**Keywords**: crypt, cryptography pgp sha
security.1304443801.txt.gz · Last modified: 2012/01/27 00:15 (external edit)
 
Recent changes RSS feed Driven by DokuWiki