Malcolm Tredinnick wrote:
> Be careful to ensure backwards compatibility. Otherwise an
> inconsequential Python upgrade (to 2.5) will mean all your previously
> recorded passwords are now unusable. You need to at least be able to
> check for SHA1-style hashes and use those if necessary no matter which
> version of Python you are using.
Good point. I did a quick test and the SHA-1 hashes are equivalent...
Python 2.4.3 (#1, Nov 3 2006, 21:03:52)
[GCC 4.0.1 (Apple Computer, Inc. build 5247)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import random
>>> rand = str(random.random())
>>> rand
'0.55628289848'
>>> import sha
>>> salt = sha.new(rand).hexdigest()[:5]
>>> raw_pass = 'turing'
>>> hsh = sha.new(salt+raw_pass).hexdigest()
>>> '%s$%s$%s' % ('sha1', salt, hsh)
'sha1$cb374$bd6289a5f976888b532141483391c108656edfb5'
Python 2.5 (r25:51908, Nov 3 2006, 20:49:30)
[GCC 4.0.1 (Apple Computer, Inc. build 5247)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> rand = '0.55628289848'
>>> import hashlib
>>> salt = hashlib.sha1(rand).hexdigest()[:5]
>>> raw_pass = 'turing'
>>> hsh = hashlib.sha1(salt+raw_pass).hexdigest()
>>> '%s$%s$%s' % ('sha1', salt, hsh)
'sha1$cb374$bd6289a5f976888b532141483391c108656edfb5'
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-developers?hl=en
-~----------~----~----~----~------~----~------~--~---
