Re: Password Generator
Thanks Felix. This works great. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~--~~~~--~~--~--~---
Re: Password Generator
Felix Ingram wrote: > I've put the above on the wiki > (http://code.djangoproject.com/wiki/AdminApplication) which is off the > common pitfalls page. Felix - many thanks for the great explination. This is exactly what I was looking for. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~--~~~~--~~--~--~---
Re: Password Generator
On 7/12/06, Felix Ingram <[EMAIL PROTECTED]> wrote: > > On 7/12/06, Jyrki Pulliainen <[EMAIL PROTECTED]> wrote: > > > > On 7/12/06, Felix Ingram <[EMAIL PROTECTED]> wrote: > > > > salt = sha.new(str(random.random())).hexdigest()[:5] > > > > Dunno is this really a developer question, but is there really a point > > using sha there? That one could be done without sha too using > > random.getrandbits(bits), eg.: > > > > ('%x' % random.getrandbits(128))[:5] > > > > Not as pretty as the sha-solution, but a bit more efficent and not > > using the 'useless' sha there. > > I don't see a problem with your solution. I just copied the existing > code. I wouldn't worry about efficency (though I suspect you're not > really) given the number of times this function is likely to be used. > Sha'ing random won't make it any more random; I suppose it's just down > to personal preference. Yeah, that's propably not so time critical. This was just general wondering :) By the way, you could mention on the wiki page, that user shouldn't use your script on any server which admin(s) he/she cannot trust. Linux is as secure as any else if the admin worth trusting. :) Also, the history file can be done unreadable by other users if it's not already so (chmod 0700 ~/.bash_history) -- Jyrki // [EMAIL PROTECTED] --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~--~~~~--~~--~--~---
Re: Password Generator
On 7/12/06, Jyrki Pulliainen <[EMAIL PROTECTED]> wrote: > > On 7/12/06, Felix Ingram <[EMAIL PROTECTED]> wrote: > > > salt = sha.new(str(random.random())).hexdigest()[:5] > > Dunno is this really a developer question, but is there really a point > using sha there? That one could be done without sha too using > random.getrandbits(bits), eg.: > > ('%x' % random.getrandbits(128))[:5] > > Not as pretty as the sha-solution, but a bit more efficent and not > using the 'useless' sha there. I don't see a problem with your solution. I just copied the existing code. I wouldn't worry about efficency (though I suspect you're not really) given the number of times this function is likely to be used. Sha'ing random won't make it any more random; I suppose it's just down to personal preference. F. > > -- > Jyrki // [EMAIL PROTECTED] > > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~--~~~~--~~--~--~---
Re: Password Generator
On 7/12/06, Felix Ingram <[EMAIL PROTECTED]> wrote: > > salt = sha.new(str(random.random())).hexdigest()[:5] Dunno is this really a developer question, but is there really a point using sha there? That one could be done without sha too using random.getrandbits(bits), eg.: ('%x' % random.getrandbits(128))[:5] Not as pretty as the sha-solution, but a bit more efficent and not using the 'useless' sha there. -- Jyrki // [EMAIL PROTECTED] --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~--~~~~--~~--~--~---
Re: Password Generator
On 7/12/06, Felix Ingram <[EMAIL PROTECTED]> wrote: > On 7/12/06, Malcolm Tredinnick <[EMAIL PROTECTED]> wrote: > So whack the following into a script or type it into a interactive session > > import sha, random > raw_password = script though)> > algo = 'sha1' > salt = sha.new(str(random.random())).hexdigest()[:5] > hsh = sha.new(salt+raw_password).hexdigest() > print "%s$%s$%s" % (algo, salt, hsh) I've put the above on the wiki (http://code.djangoproject.com/wiki/AdminApplication) which is off the common pitfalls page. Someone can move it to somewhere more appropriate if need be. People could then point to this rather than explain to newbies how helpful they are on #django. F. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~--~~~~--~~--~--~---
Re: Password Generator
On 7/12/06, Malcolm Tredinnick <[EMAIL PROTECTED]> wrote: > > On Wed, 2006-07-12 at 03:18 +, Scott McCracken wrote: > > I also ran into this problem when trying to create new users in the > > Django admin interface. According to the Django documentation "We've > > added extra security to the stored passwords in Django's authentication > > system. Thanks to a patch from GomoX, passwords are now stored with a > > salt and use SHA-1 encryption instead of MD5." > > > > If anyone could shed some light on a SHA-1 password generator it would > > be much appreciated. Thanks! > > To quote from mail I sent to this list just yesterday: > >"To create this string from the raw password, you have to use >some code like that found in >django.contrib.auth.models.User.setpassword() (you can't use >that code precisely, because it is designed to work with a user >object)." This is the code from setpassword(): def set_password(self, raw_password): import sha, random algo = 'sha1' salt = sha.new(str(random.random())).hexdigest()[:5] hsh = sha.new(salt+raw_password).hexdigest() self.password = '%s$%s$%s' % (algo, salt, hsh) So whack the following into a script or type it into a interactive session import sha, random raw_password = algo = 'sha1' salt = sha.new(str(random.random())).hexdigest()[:5] hsh = sha.new(salt+raw_password).hexdigest() print "%s$%s$%s" % (algo, salt, hsh) Hope that helps, F. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~--~~~~--~~--~--~---
Re: Password Generator
I also ran into this problem when trying to create new users in the Django admin interface. According to the Django documentation "We've added extra security to the stored passwords in Django's authentication system. Thanks to a patch from GomoX, passwords are now stored with a salt and use SHA-1 encryption instead of MD5." If anyone could shed some light on a SHA-1 password generator it would be much appreciated. Thanks! --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~--~~~~--~~--~--~---
Password Generator
I'm pretty new at this Django stuff and I really like using the free Admin except for creating new users because it's difficult to create passwords. Is there anyone out there interested in building a "Django Password Generator" -- a utility to create the string for inserting new users? It would be a great way to attract some visitors to a new project, for example. ;-) --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~--~~~~--~~--~--~---