User Tools

Site Tools


security

This is an old revision of the document!


Security

Shamus attempts to explain hashing then Use bcrypt to store passwords.

Consider py-bcrypt at code.google. No documentation there, yet. Old documentation.

At the bottom of this page, is the compiler used to make Python 2.6 and 2.7 Visual Studio 2008 Express.

import bcrypt

# Hash a password for the first time, with a randomly-generated salt
hashed = bcrypt.hashpw(password, bcrypt.gensalt())

# gensalt's log_rounds parameter determines the complexity.
# The work factor is 2**log_rounds, and the default is 12
hashed = bcrypt.hashpw(password, bcrypt.gensalt(10))

# Check that an unencrypted password matches one that has
# previously been hashed
if bcrypt.hashpw(password, hashed) == hashed:
    print "It matches"
else:
    print "It does not match"

Never use passwords whose unsalted MD5 hash can be looked up here: http://md5.gromweb.com/

AES encryption of files in Python with PyCrypto

Someone suggested Whirlpool_(cryptography), it's offered in mhash, and a pure-python implementation from Bjorn Edstrom be@bjrn.se 16 december 2007 is here http://www.bjrn.se/code/whirlpoolpy.txt.

security.1315890206.txt.gz · Last modified: 2023/04/12 20:44 (external edit)