Re: password encryption

2013-03-01 Thread Tomas Neme
> We haven't used SHA-based or MD5-based hashing for some time.

oh, I was convinced sha2 was being used.

I probably just read the code a while ago and didn't notice it in the changelogs


--
"The whole of Japan is pure invention. There is no such country, there
are no such people" --Oscar Wilde

|_|0|_|
|_|_|0|
|0|0|0|

(\__/)
(='.'=)This is Bunny. Copy and paste bunny
(")_(") to help him gain world domination.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.




Re: password encryption

2013-02-28 Thread Russell Keith-Magee
Hi Tomas,

If you dig into Django's password tools, you'll discover that we use PBKDF2
by default, and have an option to use bcrypt. We also have a pluggable
backend that allows you to define your own hashing algorithm if you'd
prefer something harder, or if something emerges that supersedes PBKDF2.

We haven't used SHA-based or MD5-based hashing for some time.

Yours,
Russ Magee %-)

On Wed, Feb 27, 2013 at 11:36 PM, Tomas Neme wrote:

> and here it presses an even stronger case about NOT using bcrypt but
> something even slower
>
> http://www.unlimitednovelty.com/2012/03/dont-use-bcrypt.html
>
> On Wed, Feb 27, 2013 at 12:33 PM, Tomas Neme 
> wrote:
> > I just ran into this. It presses a pretty strong case...
> >
> > http://codahale.com/how-to-safely-store-a-password/




Re: password encryption

2013-02-27 Thread Tomas Neme
and here it presses an even stronger case about NOT using bcrypt but
something even slower

http://www.unlimitednovelty.com/2012/03/dont-use-bcrypt.html

On Wed, Feb 27, 2013 at 12:33 PM, Tomas Neme wrote:
> I just ran into this. It presses a pretty strong case...
>
> http://codahale.com/how-to-safely-store-a-password/




password encryption

2013-02-27 Thread Tomas Neme
I just ran into this. It presses a pretty strong case...

http://codahale.com/how-to-safely-store-a-password/





Re: Password encryption

2009-11-16 Thread Denis Bahati
Nah;
Here is my Model.

from django import forms
from django.db import models
from django.forms import ModelForm

class Title(models.Model):
    name = models.CharField(max_length=10)

    def __unicode__(self):
        return self.name

class UserProfile(models.Model):
    title = models.ForeignKey(Title)
    address = models.TextField()
    date_added = models.DateTimeField()

class UserProfileForm(ModelForm):
    # Extra form-only fields; they are not columns on UserProfile
    username = forms.CharField(label=("User Name"), max_length=100)
    password_Confirm = forms.CharField(label=("Confirm Password"),
                                       widget=forms.PasswordInput, max_length=100)
    first_name = forms.CharField(label=("First Name"), max_length=100)
    last_name = forms.CharField(label=("Last Name"), max_length=100)
    date_added = forms.DateField()

    class Meta:
        model = UserProfile

Here is my view.py:

from django.contrib.auth import authenticate, login
from django.http import HttpResponse
from django.shortcuts import get_object_or_404
from django.shortcuts import get_list_or_404
from django.template import loader, Context
from django.shortcuts import render_to_response
from django.http import HttpResponseRedirect
from commTrack.commtrack.models import *

def UserProfileEditor(request, id=None):
    form = UserProfileForm(request.POST or None,
                           instance=id and UserProfile.objects.get(id=id))

    # Save new/edited User
    if request.method == 'POST' and form.is_valid():
        form.save()
        return HttpResponseRedirect('/commTrack/userProfile/list/')

    return render_to_response('userProfile/adduserProfile.html',
                              {'form': form})

And here is my form.html:

{% block form_top %}{% endblock %}

{{ form.title.errors }}
Title:
{{ form.title }}

{{ form.first_name.errors }}
First Name:
{{ form.first_name }}

{{ form.last_name.errors }}
Last Name:
{{ form.last_name }}

{{ form.address.errors }}
Address:
{{ form.address }}

{{ form.username.errors }}
User Name:
{{ form.username }}

{{ form.password.errors }}
Password:
{{ form.password }}

{{ form.password_Confirm.errors }}
Confirm Password:
{{ form.password_Confirm }}

{{ form.date_added.errors }}
Date Added:
{{ form.date_added }}


It does not save anything when I click the submit button and it remains on
the same interface. Any ideas?


On Mon, Nov 16, 2009 at 7:50 AM, Gabriel Gunderson wrote:

> On Thu, Nov 5, 2009 at 12:51 AM, Denis Bahati wrote:
> > My project require to have my own table for users and roles. Am not using
> > the default auth table.
>
> Does this work for your additional user info?
>
>
> http://docs.djangoproject.com/en/dev/topics/auth/#storing-additional-information-about-users
>
> Gabe




Re: Password encryption

2009-11-15 Thread Gabriel Gunderson
On Thu, Nov 5, 2009 at 12:51 AM, Denis Bahati wrote:
> My project require to have my own table for users and roles. Am not using
> the default auth table.

Does this work for your additional user info?

http://docs.djangoproject.com/en/dev/topics/auth/#storing-additional-information-about-users

Gabe





Re: Password encryption

2009-11-05 Thread Vany

You can use the same method that Django uses; I've tried it and it
works. In your model, inside the class (for example, users) and after the
definitions of the fields, write:


import random
from django.contrib.auth.models import get_hexdigest

def save(self):
    # Note: this hashes whatever is in self.password on every save()
    raw_password = self.password
    algo = 'sha1'
    # Short random salt, then a salted SHA1 of the raw password
    salt = get_hexdigest(algo, str(random.random()), str(random.random()))[:5]
    hsh = get_hexdigest(algo, salt, raw_password)
    # Stored as algo$salt$hash
    password = '%s$%s$%s' % (algo, salt, hsh)
    self.password = password
    super(yourclass, self).save()


Or there is another method like this, but I don't like it so much:

import binascii
from django.conf import settings
from Crypto.Cipher import Blowfish

def _get_ssn(self):
    # Reversible: decrypts the stored hex string back to the plaintext
    enc_obj = Blowfish.new(settings.SECRET_KEY)
    return u"%s" % enc_obj.decrypt(binascii.a2b_hex(self.password)).rstrip()

def _set_pass(self, ssn_value):
    enc_obj = Blowfish.new(settings.SECRET_KEY)
    # Pad with spaces to the 8-byte Blowfish block size
    repeat = 8 - (len(ssn_value) % 8)
    ssn_value = ssn_value + " " * repeat
    password = binascii.b2a_hex(enc_obj.encrypt(ssn_value))
    return password

sspass = property(_get_ssn)

def save(self):
    self.password = self._set_pass(self.password)
    super(Usuario, self).save()


With the last method you need to add "from Crypto.Cipher import
Blowfish", and you have to install Crypto.Cipher.

I hope you solve your problem
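
The first save() above stores an `algo$salt$hash` string using salted SHA1, and the 2013 reply on this page says Django has since moved to PBKDF2 by default. The following is an added example, not code from the thread or from Django: a standard-library sketch that verifies a legacy `sha1$salt$hash` record and rewrites it as a PBKDF2 record on the next successful login. The function names, the `record` dict and the iteration count are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 100000  # assumed work factor for this sketch; tune to your hardware

def make_pbkdf2(raw, salt=None, iterations=PBKDF2_ITERATIONS):
    """Return 'pbkdf2_sha256$<iterations>$<salt>$<base64 digest>'."""
    salt = salt or secrets.token_hex(8)
    dk = hashlib.pbkdf2_hmac("sha256", raw.encode(), salt.encode(), iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, base64.b64encode(dk).decode())

def make_legacy_sha1(raw, salt):
    """The older layout: 'sha1$<salt>$<hex sha1(salt + raw)>'."""
    return "sha1$%s$%s" % (salt, hashlib.sha1((salt + raw).encode()).hexdigest())

def verify(raw, encoded):
    """Return (ok, needs_upgrade) for a stored credential string."""
    algo, _, rest = encoded.partition("$")
    try:
        if algo == "pbkdf2_sha256":
            iterations, salt, _ = rest.split("$")
            expected = make_pbkdf2(raw, salt, int(iterations))
            stale = int(iterations) < PBKDF2_ITERATIONS
        elif algo == "sha1":
            salt, _ = rest.split("$")
            expected = make_legacy_sha1(raw, salt)
            stale = True  # any fast-hash record should be replaced
        else:
            return False, False  # unknown algorithm: reject, never guess
    except (ValueError, OverflowError):
        return False, False  # malformed record
    # Constant-time comparison of the recomputed and stored strings
    ok = hmac.compare_digest(expected.encode(), encoded.encode())
    return ok, ok and stale

def login(raw, record):
    """Check a password; rehash a legacy record while the plaintext is available."""
    ok, needs_upgrade = verify(raw, record["password"])
    if needs_upgrade:
        record["password"] = make_pbkdf2(raw)
    return ok

# Constructed sample record stored in the legacy format
user = {"password": make_legacy_sha1("correct horse", "a1b2c")}
```

The upgrade can only happen at login, because that is the one moment the server holds the plaintext needed to compute the new hash.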




Re: password encryption not working...

2009-08-12 Thread Karen Tracey
On Wed, Aug 12, 2009 at 7:50 AM, rekha wrote:

>
> Hi all,
> I'm a newbie, developing a Django online address book application,
> using mod_python, apache2, postgresql for database.
>
> I have two tables in my database, viz. login_table and contact_table.
> login_table stores username and password. contact table stores first
> name, last name, phone number, email id. I have created a login page
> that accepts username and password. I need my application to store
> the password in encrypted form in the database.
> How to do password encryption? I have tried some codings, but that
> doesn't work out. This is my models.py code.
>

"It doesn't work" followed by a bunch of code and then a request for how to
fix it is frequently asking too much of your potential helpers, unless there
happens to be someone in the audience who is very bored with a lot of time
on their hands and looking for a puzzle to solve.  Specifics of what
"doesn't work" looks like (exception? passwords never match? machine catches
fire?) would be the minimum you would want to provide to help people help
you.

In this case, though, my first question is why are you doing all of this
yourself instead of using Django's built-in user authentication framework?
If the specifics of what is stored in the Django User model do not match
what you are looking for there are ways to extend User (via profiles).  If
you absolutely positively need to be re-implementing all of this stuff
yourself I'd suggest you look at the Django authentication code
(django/contrib/auth) for some guidance on how to do it.

Karen




password encryption not working...

2009-08-12 Thread rekha

Hi all,
I'm a newbie, developing a Django online address book application,
using mod_python, apache2, postgresql for database.

I have two tables in my database, viz. login_table and contact_table.
login_table stores username and password. contact table stores first
name, last name, phone number, email id. I have created a login page
that accepts username and password. I need my application to store
the password in encrypted form in the database.
How to do password encryption? I have tried some codings, but that
doesn't work out. This is my models.py code.

===models.py
from django.conf import settings
import binascii
from os import urandom
from base64 import b64encode, b64decode
from django.db import models
from Crypto.Cipher import ARC4

def get_value(usr_name):
    def f(self):
        return login_table.decrypt(getattr(self, 'e_%s' % usr_name))
    return f

def set_value(usr_name):
    def f(self, value):
        setattr(self, 'e_%s' % usr_name, login_table.encrypt(value))
    return f


class login_table(models.Model):
    SALT_SIZE = 8
    usr_name = models.CharField(max_length=100, unique=True, blank=True)
    pswd = models.CharField(max_length=50, blank=True)

    def encrypt(plaintext):
        salt = urandom(login_table.SALT_SIZE)
        arc4 = ARC4.new(salt + settings.SECRET_KEY)
        plaintext = "%3d%s%s" % (len(plaintext), plaintext,
                                 urandom(256 - len(plaintext)))
        return "%s$%s" % (b64encode(salt), b64encode(arc4.encrypt(plaintext)))

    def decrypt(ciphertext):
        salt, ciphertext = map(b64decode, ciphertext.split('$'))
        arc4 = ARC4.new(salt + settings.SECRET_KEY)
        plaintext = arc4.decrypt(ciphertext)
        return plaintext[3:3 + int(plaintext[:3].strip())]

    def encrypted_property(username):
        return property(get_value(username), set_value(username))

    usr_name = encrypted_property('usr_name')
    pswd = encrypted_property('pswd')

    def __unicode__(self):
        return self.usr_name

class contact_table(models.Model):
    fname = models.CharField(max_length=50, unique=True)
    lname = models.CharField(max_length=50)
    ph_num = models.CharField(max_length=50)
    email = models.EmailField(max_length=75)
    usr_name = models.ForeignKey(login_table)

    def __unicode__(self):
        return '%s%s%s%s' % (self.fname, self.lname, self.ph_num, self.email)

How to fix this problem? And are there any pre-defined functions to do
password encryption?