security
no way to compare when less than two revisions
Differences
This shows you the differences between two versions of the page.
Previous revisionNext revision | |||
— | security [2011/09/14 09:23] – dblume | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ===== Security ===== | ||
+ | [[http:// | ||
+ | |||
+ | Consider [[http:// | ||
+ | |||
+ | At the bottom of this page, is the compiler used to make Python 2.6 and 2.7 [[http:// | ||
+ | |||
+ | On Windows, you'll have to make the following change: | ||
+ | < | ||
+ | $ diff bcrypt_python.c.org bcrypt_python.c | ||
+ | 70a71,72 | ||
+ | > char *password_copy; | ||
+ | > char *salt_copy; | ||
+ | 76,77c78,79 | ||
+ | < char *password_copy = strdup(password); | ||
+ | < char *salt_copy = strdup(salt); | ||
+ | --- | ||
+ | > | ||
+ | > | ||
+ | </ | ||
+ | |||
+ | Then you can build it with setup, like so: | ||
+ | |||
+ | < | ||
+ | c: | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | import bcrypt | ||
+ | |||
+ | # Hash a password for the first time, with a randomly-generated salt | ||
+ | hashed = bcrypt.hashpw(password, | ||
+ | |||
+ | # gensalt' | ||
+ | # The work factor is 2**log_rounds, | ||
+ | hashed = bcrypt.hashpw(password, | ||
+ | |||
+ | # Check that an unencrypted password matches one that has | ||
+ | # previously been hashed | ||
+ | if bcrypt.hashpw(password, | ||
+ | print "It matches" | ||
+ | else: | ||
+ | print "It does not match" | ||
+ | </ | ||
+ | |||
+ | |||
+ | Never use passwords whose unsalted MD5 hash can be looked up here: [[http:// | ||
+ | |||
+ | [[http:// | ||
+ | |||
+ | Someone suggested [[wp> | ||
+ | |||
+ | ==== Verification ==== | ||
+ | |||
+ | Maybe I should try to automate a way to verify the SHA1 Checksums of PGP signatures and upon success, verify the PHP signatures. | ||
+ | |||
+ | **Keywords**: |
security.txt · Last modified: 2023/04/12 20:44 by 127.0.0.1