Hi, I am going to have a go at adding a new authentication method to repoze.who. It's like the standard forms authentication, but uses JavaScript hashing to protect the password as it is transmitted.
There's information about the scripts here, explaining how the system works, how it avoids replay attacks, copes with js being disabled, ensures that the password is protected when stored on the server, and why SHA1/MD5 are ok to use, despite the more recent weaknesses. http://pajhome.org.uk/crypt/md5/ I know many people are using my scripts, so I think this would be a good feature for repoze.who. I've not used repoze.who so far, so lets see how I get on. If anyone would like to lend a hand, just let me know. Paul _______________________________________________ Repoze-dev mailing list Repoze-dev@lists.repoze.org http://lists.repoze.org/listinfo/repoze-dev
