"[EMAIL PROTECTED]" <[EMAIL PROTECTED]> writes: > Basically, what I am trying to do is display all comments by a > specified user on the website. As the only thing which has =always= > been used to identify users which never changes is their e-mail > addresses, this is the only thing which I can use. Obviously, I can't > display this e-mail address though.
Assign a unique number to each user in the system, and use the number. Email addresses aren't necessarily stable since users should be able to change their email addresses. If you really want to use a hash, use the hmac module: import hmac hash = hmac.new('swordfish', '[EMAIL PROTECTED]').hexdigest() where instead of swordfish you'd use some random constant string that you keep secret. The secrecy stops attackers from figuring out whether a given address has a specific hash per Mark Rintsch's comment. You'll still have to main a table mapping hashes back to addresses, since the hashes are not reversable. If you HAVE to have reversible encryption, you could use http://nightsong.com/phr/crypto/p3.py note that the string you get is binary and is longer than the input string even before you encode it to printing chars. Note also that it reveals the length of its input. To generate a random string, use os.urandom: import os, binascii secret_string = binascii.hexlify(os.urandom(16)) you'd then embed the secret string in your program or database. You then face the problem of keeping it secret, which is not trivial. Overall you're better off just assigning ID numbers to users like most BBS's do. -- http://mail.python.org/mailman/listinfo/python-list