New submission from Douglas Mayle <doug...@mayle.org>: The SQL Authenticator uses unsalted hashes by default which are susceptible to attacks like Rainbow tables. I'm including a patch to add support, with tests. In addition, it's useful to have a default implementation of the hash function, so I've added that.
---------- files: repozewho_salted_hashes.diff messages: 201 nosy: douglas priority: urgent status: unread title: Repoze.who should support salted hashes for the sqlauthenticator topic: repoze.who __________________________________ Repoze Bugs <b...@bugs.repoze.org> <http://bugs.repoze.org/issue85> __________________________________
repozewho_salted_hashes.diff
Description: Binary data
_______________________________________________ Repoze-dev mailing list Repoze-dev@lists.repoze.org http://lists.repoze.org/listinfo/repoze-dev
