Hi,

Your timing is interesting; I'm just about to submit a patch to
support JavaScript hashing of passwords, which interacts with this.

If you use random per-user salts, which is the common approach, JS
hashing requires an Ajax request at login. Not an enormous problem,
but not ideal either.

If the salt is hmac_sha1(master_salt, user_name) or some variant of
this, you get the same benefits of salting, but avoid the Ajax request
at login. master_salt is a site-specific value.

Paul


>> So, I've finished it off and submitted the patch to issue 85:
>> http://bugs.repoze.org/issue85
_______________________________________________
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev
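
The derivation described in the message above, as an added example; it is not code from the patch or from repoze. Node's `crypto` stands in for the browser so it runs offline, and `MASTER_SALT`, the username normalisation and the PBKDF2 step are assumptions, since the message does not name the password hash used.

```javascript
const crypto = require('crypto');

// Constructed sample value. The browser needs it to compute the salt,
// so it is site-specific but not secret.
const MASTER_SALT = 'example-site-master-salt';

// Assumption: usernames are case-insensitive, so normalise before keying the
// HMAC; otherwise "Alice" and "alice" would derive different salts.
function canonicalUser(userName) {
  return userName.normalize('NFKC').trim().toLowerCase();
}

// salt = hmac_sha1(master_salt, user_name): no per-user lookup is needed.
function deriveSalt(masterSalt, userName) {
  return crypto.createHmac('sha1', masterSalt)
    .update(canonicalUser(userName), 'utf8')
    .digest('hex');
}

// Assumption: the client-side hash is PBKDF2-HMAC-SHA256 over the password,
// salted with the derived value.
function clientHash(masterSalt, userName, password) {
  const salt = deriveSalt(masterSalt, userName);
  return crypto.pbkdf2Sync(password, salt, 100000, 32, 'sha256').toString('hex');
}

// Server side: compare the submitted value with the stored one in constant time.
function verifyLogin(storedHex, submittedHex) {
  const a = Buffer.from(storedHex, 'hex');
  const b = Buffer.from(submittedHex, 'hex');
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Registration and login both compute the salt locally: no Ajax round trip.
const stored = clientHash(MASTER_SALT, 'alice', 'correct horse');
console.log(verifyLogin(stored, clientHash(MASTER_SALT, 'Alice ', 'correct horse')));
console.log(verifyLogin(stored, clientHash(MASTER_SALT, 'alice', 'wrong guess')));
```

Because the login page has to ship `master_salt` to the browser, anyone can compute a given user's salt in advance; the salt still differs per user and per site.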
