-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I wasn't aware you could pass $2a$ to os.crypt() to get a bcrypted hash. I'll remember that.
I prefer a work factor of 15, I've heard 12-15 being recommended (no references to give though). Anything larger and it takes too long for the user to log in &c... 15 seemed "just right" to me. Daniel Holth <[email protected]> writes: > FULL PEDANTISM ON > > $6$ is a SHA-512-based algorithm developed by Ulrich Drepper of RedHat. > It performs 5000 rounds by default but it supports a rounds= parameter. > The algorithm is only based on SHA-512; each round is more work than > SHA-512 by itself. I prefer bcrypt but this algorithm was specifically > developed for the benefit of those whose list of approved algorithms > only has SHA on it. > > On my Ubuntu system, I can also pass the $2a$ prefix to os.crypt() to > get bcrypt without installing anything, not even the far superior > cryptacular library which wraps a public-domain C implementation of > bcrypt. > > /END PEDANTISM AND SHAMELESS SELF-PROMOTION > > Is the standard bcrypt work factor of 10 (2^10 rounds) really obsolete? > > -- > You received this message because you are subscribed to the Google > Groups "pylons-discuss" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at http://groups.google.com/group/ > pylons-discuss?hl=en. > - -- Parnell "ixmatus" Springmeyer (http://ixmat.us) -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQEcBAEBAgAGBQJNtiBpAAoJEPvtlbpI1POLkJ4IAKkeGw+VxcJaL9OTAbGpXlz4 b9L80W/T0Ab9gngYdPNvELVMnz7r+Jeu8CYhgWBXtFVP4b37hwZ78zQHyWBc9jSF sbfngLqYDtfu/bzTMybJOj1rxNAPJJmJs7xmMykNfLXd5w0R/QpsRJ9nr+Bfir5K kcMC6gAoPpxxBn1LvDXwJhQE3DoGjTmkGJjuXZjeXWNDtWjBzBSgQ2cODojgVITz 4dSuQSeBRh2W615oIl9hNt88yr/a5RhtGrP9PSfKEyKv9eDIA5ZWagMgmKqNK2ox C8pnDBnT2Xy7AfLLj6zmSTA0HV55PolZtn8xNaltwSszun/iP0M/KjXRC0m8xh0= =zfzO -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
