security

Differences

This shows you the differences between two versions of the page.


security [2011/05/03 11:54] dblume
Line 1: Line 1:
 +===== Security =====
  
 +[[http://www.shamusyoung.com/twentysidedtale/?p=11523|Shamus attempts to explain hashing]] then [[http://codahale.com/how-to-safely-store-a-password/|Use bcrypt to store passwords]]. 
 +
 +Consider [[http://code.google.com/p/py-bcrypt/|py-bcrypt]] at code.google.  No documentation there, yet. [[http://www.mindrot.org/projects/py-bcrypt/|Old documentation]].
 +
 +<code>
 +import bcrypt
 +
 +# Hash a password for the first time, with a randomly-generated salt
 +hashed = bcrypt.hashpw(password, bcrypt.gensalt())
 +
 +# gensalt's log_rounds parameter determines the complexity.
 +# The work factor is 2**log_rounds, and the default is 12
 +hashed = bcrypt.hashpw(password, bcrypt.gensalt(10))
 +
 +# Check that an unencrypted password matches one that has
 +# previously been hashed
 +if bcrypt.hashpw(password, hashed) == hashed:
 +    print "It matches"
 +else:
 +    print "It does not match"
 +</code>
 +
 +
 +Never use passwords whose unsalted MD5 hash can be looked up here: [[http://md5.gromweb.com/]]
 +
 +[[http://eli.thegreenplace.net/2010/06/25/aes-encryption-of-files-in-python-with-pycrypto/|AES encryption of files in Python with PyCrypto]]
 +
 +Someone suggested [[wp>Whirlpool_(cryptography)]], it's offered in [[http://labix.org/python-mhash|mhash]], and a pure-python implementation from Bjorn Edstrom <be@bjrn.se> 16 december 2007 is here [[http://www.bjrn.se/code/whirlpoolpy.txt]].
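Review bot: In the `<code>` sample, the verification step `if bcrypt.hashpw(password, hashed) == hashed:` compares the two hashes with `==`, which is not a constant-time comparison; suggest a constant-time compare such as `hmac.compare_digest(bcrypt.hashpw(password, hashed), hashed)`. In the same block, `password` is never defined and the `print "It matches"` statements are Python 2 syntax, so the sample does not run as pasted on Python 3. The second `bcrypt.gensalt(10)` call sets the work factor below the default of 12 named in the comment directly above it without saying why; a short remark that 10 is only there to show the parameter would keep readers from copying a weaker setting. The comment "unencrypted password" would be more accurate as "plaintext password", since bcrypt output is a hash rather than ciphertext.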
security.txt · Last modified: 2023/04/12 20:44 by 127.0.0.1