Rutenberg, you're correct. bcrypt is only a solution for storing the
hash of passwords in a secure way. In fact, it's the most secure and
easiest way that I've found; and it has been implemented and is being
used by OpenBSD.

Your method has a point of failure. Anyone can see your JS code
(client code), so they will know what you are doing with the password
that is sent from a form.

The best options are HTTPS or using HMAC-SHA1/RIPEMD160.

On 31 Jan, 12:24, Guy Rutenberg <guyrutenb...@gmail.com> wrote:
> Hi Kless,
>
> Correct me if I'm wrong but bcrypt can be used as a solution for
> storing the passwords in the database (instead of the default sha1)
> but it doesn't provide the solution I'm looking for: not sending plain-
> text passwords in login forms. Anyway bcrypt sounds interesting,
> especially its ability to adapt to processor improvements.
>
> Thanks,
>
> Guy
>
> On Jan 31, 11:41 am, Kless <jonas....@googlemail.com> wrote:
>
> > I recommend you to use bcrypt, the password-hashing algorithm used in
> > OpenBSD.
>
> > The advantages are that it automatically creates and manages the
> > salt for each password entered; and the most important is that it is
> > adaptable to future processor performance improvements.
>
> > http://pypi.python.org/pypi/bcryptWrap

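The HMAC-SHA1 option named in the reply above, sketched as a challenge-response login so that neither the password nor a replayable static hash crosses the wire. This is an added example, not code from the thread or from Django: `Server`, `derive_key` and `client_response` are hypothetical names, and PBKDF2 is an assumed stand-in for the key derivation because bcrypt is not in the Python standard library.

```python
import hashlib
import hmac
import secrets

def derive_key(password, salt):
    # Assumption: PBKDF2 as the slow key derivation (bcrypt needs a third-party package).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10000)

def client_response(password, salt, nonce):
    # What the login form's client code would compute and send instead of the password.
    key = derive_key(password, salt)
    return hmac.new(key, nonce, hashlib.sha1).digest()

class Server:
    def __init__(self):
        self.keys = {}     # username -> (salt, derived key)
        self.pending = {}  # username -> outstanding one-time nonce

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self.keys[user] = (salt, derive_key(password, salt))

    def challenge(self, user):
        # A fresh random nonce per login attempt makes every valid response unique.
        salt = self.keys[user][0]
        nonce = secrets.token_bytes(16)
        self.pending[user] = nonce
        return salt, nonce

    def verify(self, user, response):
        nonce = self.pending.pop(user, None)  # single use: a replayed response finds no nonce
        if nonce is None:
            return False
        _, key = self.keys[user]
        expected = hmac.new(key, nonce, hashlib.sha1).digest()
        return hmac.compare_digest(expected, response)  # constant-time comparison
```

The derived key the server stores here is a password equivalent, which is the trade-off of this scheme compared with sending the password over HTTPS and storing only a bcrypt hash.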