So, I've finished it off and submitted the patch to issue 85: http://bugs.repoze.org/issue85

In absence of comments, I decided for backwards compatibility over standards compliance and used hex storage for the data. I could modify this to switch to base64 for both, since the unsalted SHA1 hash is always 160 bits and would always end with an equals sign (which is unambiguously not hex). This is not true for the salted version, so it might be a lost opportunity to switch to standard compliance... I think I'll update my patch to support both, and let you choose between them...

Douglas Mayle

On May 19, 2009, at 3:03 PM, Douglas Mayle wrote:

> On further inspection, it uses a hex form of the digest. Is there any
> preference between that and RFC 2307 schemes, which use base64 for
> encoding?
>
> Doug
>
> On May 19, 2009, at 1:57 PM, Douglas Mayle wrote:
>
>> Hello all,
>> I've noticed that the default_password_compare in sql.py uses
>> unsalted hashes, and so I was planning to submit a patch to fix that.
>> I figured, however, that it might be a good idea to provide a
>> default_password_hasher so that users of repoze.who could just import
>> that into their model and have the two work in conjunction. Before I
>> did it, however, I wanted to make sure that there wasn't something I
>> was missing...
>>
>> Thanks,
>> Douglas Mayle
>> _______________________________________________
>> Repoze-dev mailing list
>> Repoze-dev@lists.repoze.org
>> http://lists.repoze.org/listinfo/repoze-dev
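
The trade-off discussed in this thread, as an added example that is not part of the original messages and is not repoze.who's code: a hasher that writes RFC 2307-style `{SSHA}` values and a comparer that still accepts legacy unsalted hex SHA-1 rows. The names `hash_password`, `classify` and `compare_password` and the 8-byte salt length are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import os
import re

# Legacy storage from the thread: 40 hex characters of an unsalted SHA-1 digest.
HEX_SHA1 = re.compile(r"^[0-9a-fA-F]{40}$")


def hash_password(cleartext, salt=None):
    """Hypothetical hasher: "{SSHA}" + base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(cleartext.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def classify(stored):
    """Pick the format from the scheme prefix instead of guessing from padding.

    A bare base64 value only ends in "=" when its length is not a multiple of
    3 bytes (true for 20-byte unsalted SHA-1, not for every salt length), so
    the explicit prefix is what keeps salted values unambiguous.
    """
    if stored.startswith("{SSHA}"):
        return "ssha"
    if stored.startswith("{SHA}"):
        return "sha"
    return "hex-sha1" if HEX_SHA1.match(stored) else "unknown"


def compare_password(cleartext, stored):
    """Hypothetical comparer covering salted, unsalted and legacy hex rows."""
    pw = cleartext.encode("utf-8")
    kind = classify(stored)
    try:
        if kind == "ssha":
            raw = base64.b64decode(stored[len("{SSHA}"):], validate=True)
            digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes
            expected = hashlib.sha1(pw + salt).digest()
            return len(salt) > 0 and hmac.compare_digest(expected, digest)
        if kind == "sha":
            raw = base64.b64decode(stored[len("{SHA}"):], validate=True)
            return hmac.compare_digest(hashlib.sha1(pw).digest(), raw)
    except ValueError:  # malformed base64 is a failed login, not a crash
        return False
    if kind == "hex-sha1":
        return hmac.compare_digest(hashlib.sha1(pw).hexdigest(), stored.lower())
    return False
```
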