
This is an old revision of the document!


Security

Shamus attempts to explain hashing; then: use bcrypt to store passwords.

Consider py-bcrypt at code.google. No documentation there, yet. Old documentation.

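import hmac

import bcrypt

# bcrypt works on byte strings; sample password for illustration only
password = b"correct horse battery staple"

# Hash a password for the first time, with a randomly-generated salt
hashed = bcrypt.hashpw(password, bcrypt.gensalt())

# gensalt's log_rounds parameter determines the complexity.
# The work factor is 2**log_rounds, and the default is 12
hashed = bcrypt.hashpw(password, bcrypt.gensalt(10))

# Check that an unencrypted password matches one that has
# previously been hashed. The stored hash carries its own salt and
# log_rounds, so it is passed as the salt argument; the comparison
# is done in constant time.
if hmac.compare_digest(bcrypt.hashpw(password, hashed), hashed):
    print("It matches")
else:
    print("It does not match")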
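
Because the work factor is stored inside each hash, existing records can be audited for hashes created with too few rounds. The following is an added example, not part of py-bcrypt or the original page; the policy floor `MIN_LOG_ROUNDS`, the function names and the sample records are assumptions made for illustration.

```python
import re

# bcrypt modular-crypt string: $2<variant>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(
    r"^\$2([abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$"
)
MIN_LOG_ROUNDS = 12  # assumed policy floor for this example


def parse_bcrypt(stored):
    """Return (variant, log_rounds, salt), or None if not a well-formed bcrypt hash."""
    m = BCRYPT_RE.match(stored)
    if m is None:
        return None
    log_rounds = int(m.group(2))
    if not 4 <= log_rounds <= 31:  # range bcrypt accepts
        return None
    return "2" + m.group(1), log_rounds, m.group(3)


def audit(stored, min_log_rounds=MIN_LOG_ROUNDS):
    """Classify one stored value: 'ok', 'rehash' (cost too low) or 'not-bcrypt'."""
    parsed = parse_bcrypt(stored)
    if parsed is None:
        return "not-bcrypt"
    return "ok" if parsed[1] >= min_log_rounds else "rehash"


def work_factor(stored):
    """Key-setup iterations implied by the hash: 2**log_rounds."""
    parsed = parse_bcrypt(stored)
    return None if parsed is None else 2 ** parsed[1]


# Constructed sample records (filler characters, not real hashes).
SAMPLE = {
    "alice": "$2a$10$" + "A" * 22 + "B" * 31,
    "bob": "$2b$12$" + "C" * 22 + "D" * 31,
    "carol": "0" * 32,  # shape of an unsalted MD5 hex digest
}

if __name__ == "__main__":
    for user, stored in sorted(SAMPLE.items()):
        print(user, audit(stored), work_factor(stored))
```

A record marked `rehash` can be upgraded the next time that user logs in successfully, since that is the only moment the plaintext password is available to hash again with a higher `log_rounds`.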

Never use passwords whose unsalted MD5 hash can be looked up here: http://md5.gromweb.com/

AES encryption of files in Python with PyCrypto

Someone suggested Whirlpool_(cryptography). It is offered in mhash, and a pure-Python implementation by Bjorn Edstrom (be@bjrn.se, 16 December 2007) is here: http://www.bjrn.se/code/whirlpoolpy.txt.

security.1304448882.txt.gz · Last modified: 2023/04/12 20:44 (external edit)