Diez B. Roggisch wrote: > [EMAIL PROTECTED] wrote: > >> I'm still using Python 2.4. In my code, I want to encrypt a password >> and at another point decrypt it. What is the standard way of doing >> encryption in python? Is it the Pycrypto module? > > Usually, one doesn't store clear-text passwords. Instead, use a > hash-algorithm like md5 or crypt (the former is in the standard lib, don't > know of the other out of my head) and hash the password, and store that > hash. > > If a user enters the password, use the same algorithm, and compare the > resulting hashes with the stored one.
And don't forget to add a salt so that same passwords do not have the same hash. But if the password checking is done with a challenge-response mechanism (e.g. HTTP-Digest Auth or SASL with DIGEST-MD5) it's required that the instance checking the password has the clear-text password available. So reversible encryption for storing passwords might be required. Ciao, Michael. -- http://mail.python.org/mailman/listinfo/python-list