Re: password encryption
> We haven't used SHA-based or MD5-based hashing for some time.

oh, I was convinced sha2 was being used. I probably just read the code a while ago and didn't notice it in the changelogs

--
"The whole of Japan is pure invention. There is no such country, there are no such people" --Oscar Wilde

|_|0|_|
|_|_|0|
|0|0|0|

(\__/)
(='.'=)This is Bunny. Copy and paste bunny
(")_(") to help him gain world domination.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: password encryption
Hi Tomas,

If you dig into Django's password tools, you'll discover that we use PBKDF2 by default, and have an option to use bcrypt. We also have a pluggable backend that allows you to define your own hashing algorithm if you'd prefer something harder, or if something emerges that supersedes PBKDF2.

We haven't used SHA-based or MD5-based hashing for some time.

Yours,
Russ Magee %-)

On Wed, Feb 27, 2013 at 11:36 PM, Tomas Neme wrote:
> and here it presses an even stronger case about NOT using bcrypt but
> something even slower
>
> http://www.unlimitednovelty.com/2012/03/dont-use-bcrypt.html
>
> On Wed, Feb 27, 2013 at 12:33 PM, Tomas Neme wrote:
> > I just ran into this. It presses a pretty strong case...
> >
> > http://codahale.com/how-to-safely-store-a-password/
Re: password encryption
and here it presses an even stronger case about NOT using bcrypt but something even slower

http://www.unlimitednovelty.com/2012/03/dont-use-bcrypt.html

On Wed, Feb 27, 2013 at 12:33 PM, Tomas Neme wrote:
> I just ran into this. It presses a pretty strong case...
>
> http://codahale.com/how-to-safely-store-a-password/
password encryption
I just ran into this. It presses a pretty strong case...

http://codahale.com/how-to-safely-store-a-password/
Re: Password encryption
Nah; Here is my Model.

    class Title(models.Model):
        name = models.CharField(max_length=10)

        def __unicode__(self):
            return self.name

    class UserProfile(models.Model):
        title = models.ForeignKey(Title)
        address = models.TextField()
        date_added = models.DateTimeField()

    class UserProfileForm(ModelForm):
        username = forms.CharField(label=("User Name"), max_length=100)
        password_Confirm = forms.CharField(label=("Confirm Password"), widget=forms.PasswordInput, max_length=100)
        first_name = forms.CharField(label=("First Name"), max_length=100)
        last_name = forms.CharField(label=("Last Name"), max_length=100)
        date_added = forms.DateField()

        class Meta:
            model = UserProfile

here is my view.py

    from django.contrib.auth import authenticate, login
    from django.http import HttpResponse
    from django.shortcuts import get_object_or_404
    from django.shortcuts import get_list_or_404
    from django.template import loader, Context
    from django.shortcuts import render_to_response
    from django.http import HttpResponseRedirect
    from commTrack.commtrack.models import *

    def UserProfileEditor(request, id=None):
        form = UserProfileForm(request.POST or None,
                               instance=id and UserProfile.objects.get(id=id))
        # Save new/edited User
        if request.method == 'POST' and form.is_valid():
            form.save()
            return HttpResponseRedirect('/commTrack/userProfile/list/')
        return render_to_response('userProfile/adduserProfile.html', {'form':form})

and here is my form.html

    {% block form_top %}{% endblock %}
    {{ form.title.errors }} Title: {{ form.title }}
    {{ form.first_name.errors }} First Name: {{ form.first_name }}
    {{ form.last_name.errors }} Last Name: {{ form.last_name }}
    {{ form.address.errors }} Address: {{ form.address }}
    {{ form.username.errors }} User Name: {{ form.username }}
    {{ form.password.errors }} Password: {{ form.password }}
    {{ form.password_Confirm.errors }} Confirm Password: {{ form.password_Confirm }}
    {{ form.date_added.errors }} Date Added: {{ form.date_added }}

It does not save anything when I click the submit button and it remains on the same interface. Any ideas?

On Mon, Nov 16, 2009 at 7:50 AM, Gabriel Gunderson wrote:
> On Thu, Nov 5, 2009 at 12:51 AM, Denis Bahati wrote:
> > My project require to have my own table for users and roles. Am not using
> > the default auth table.
>
> Does this work for your additional user info?
>
> http://docs.djangoproject.com/en/dev/topics/auth/#storing-additional-information-about-users
>
> Gabe
Re: Password encryption
On Thu, Nov 5, 2009 at 12:51 AM, Denis Bahati wrote:
> My project require to have my own table for users and roles. Am not using
> the default auth table.

Does this work for your additional user info?

http://docs.djangoproject.com/en/dev/topics/auth/#storing-additional-information-about-users

Gabe
Re: Password encryption
You can use the same method that django uses. I've tried it and it works.

In your model, inside the class (for example users) and after the definitions of the fields, write

    def save(self):
        raw_password = self.password
        import random
        # helper from Django's auth app (pre-1.4 releases)
        from django.contrib.auth.models import get_hexdigest
        algo = 'sha1'
        salt = get_hexdigest(algo, str(random.random()), str(random.random()))[:5]
        hsh = get_hexdigest(algo, salt, raw_password)
        password = '%s$%s$%s' % (algo, salt, hsh)
        self.password = password
        super(yourclass,self).save()

or there is another method like this, but I don't like it so much

    def _get_ssn(self):
        enc_obj = Blowfish.new( settings.SECRET_KEY )
        return u"%s" % enc_obj.decrypt( binascii.a2b_hex(self.password) ).rstrip()

    def _set_pass(self, ssn_value):
        enc_obj = Blowfish.new( settings.SECRET_KEY )
        repeat = 8 - (len( ssn_value ) % 8)
        ssn_value = ssn_value + " " * repeat
        password = binascii.b2a_hex(enc_obj.encrypt( ssn_value ))
        return password

    sspass = property(_get_ssn)

    def save(self):
        self.password = self._set_pass(self.password)
        super(Usuario,self).save()

with the last method you need to add this

    from Crypto.Cipher import Blowfish

and you have to install Crypto.Cipher. I hope you solve your problem
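Added example (not code from this thread or from Django itself): the save() in the message above stores passwords as sha1$salt$hash, while Russ Magee's 2013 reply says Django now defaults to PBKDF2. This sketch verifies both layouts and re-hashes a legacy record at login; the function names, the iteration count, and the assumption that the legacy digest is sha1(salt + password) belong to the example.

```python
import base64
import hashlib
import hmac
import secrets

# Assumed work factor for this example; tune it to your own hardware.
PBKDF2_ITERATIONS = 600_000


def make_pbkdf2(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Encode as pbkdf2_sha256$iterations$salt$base64(hash)."""
    salt = salt or secrets.token_urlsafe(16)  # never contains '$'
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, base64.b64encode(dk).decode())


def make_legacy_sha1(password, salt):
    """Legacy sha1$salt$hexdigest layout (assumed digest: sha1(salt + password))."""
    return "sha1$%s$%s" % (salt, hashlib.sha1((salt + password).encode()).hexdigest())


def verify(password, encoded):
    """Return (ok, needs_upgrade); unknown or malformed records never verify."""
    parts = encoded.split("$")
    if parts[0] == "pbkdf2_sha256" and len(parts) == 4 and parts[1].isdecimal():
        iterations = int(parts[1])
        if iterations < 1:
            return False, False
        candidate = make_pbkdf2(password, parts[2], iterations)
        weak = iterations < PBKDF2_ITERATIONS
    elif parts[0] == "sha1" and len(parts) == 3:
        candidate = make_legacy_sha1(password, parts[1])
        weak = True  # one salted SHA-1 round is cheap to brute-force
    else:
        return False, False
    ok = hmac.compare_digest(candidate.encode(), encoded.encode())
    return ok, ok and weak


def login(password, stored):
    """Return (ok, record_to_store), re-hashing weak records on success."""
    ok, needs_upgrade = verify(password, stored)
    if ok and needs_upgrade:
        # The plaintext is only available here, so this is the upgrade point.
        return True, make_pbkdf2(password)
    return ok, stored
```

In a real Django project the built-in hashers already do this, so the sketch is only meant to show what the stored strings contain and why a legacy record can be upgraded only when the user next logs in.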
Re: password encryption not working...
On Wed, Aug 12, 2009 at 7:50 AM, rekha wrote:
>
> Hi all,
> im a newbie, developing a django online address book application.
> using mod_python, apache2, postgresql for database.
>
> i have two tables in my database viz login_table and contact_table..
> login_table stores username and password.. contact table stores first
> name, last name, phone number, email id.. i have created a login page
> that accepts username and password.. i need my application to store
> the password in encrypted form in the database.
> how to do password encryption? i have tried some codings ,but that
> doesnt work out. this is my models.py code.
>

"It doesn't work" followed by a bunch of code and then a request for how to fix it is frequently asking too much of your potential helpers, unless there happens to be someone in the audience who is very bored with a lot of time on their hands and looking for a puzzle to solve. Specifics of what "doesn't work" looks like (exception? passwords never match? machine catches fire?) would be the minimum you would want to provide to help people help you.

In this case, though, my first question is why are you doing all of this yourself instead of using Django's built in user authentication framework? If the specifics of what is stored in the Django User model does not match what you are looking for there are ways to extend User (via profiles). If you absolutely positively need to be re-implementing all of this stuff yourself I'd suggest you look at the Django authentication code (django/contrib/auth) for some guidance on how to do it.

Karen
password encryption not working...
Hi all,
I'm a newbie, developing a django online address book application, using mod_python, apache2, postgresql for database.

I have two tables in my database viz login_table and contact_table.. login_table stores username and password.. contact table stores first name, last name, phone number, email id.. I have created a login page that accepts username and password.. I need my application to store the password in encrypted form in the database.
How to do password encryption? I have tried some codings, but that doesn't work out. This is my models.py code.

===models.py

    from django.conf import settings
    import binascii
    from os import urandom
    from base64 import b64encode, b64decode
    from django.db import models
    from Crypto.Cipher import ARC4

    def get_value(usr_name):
        def f(self):
            return login_table.decrypt(getattr(self, 'e_%s'%usr_name))
        return f

    def set_value(usr_name):
        def f(self, value):
            setattr(self, 'e_%s'%usr_name, login_table.encrypt(value))
        return f

    class login_table(models.Model):
        SALT_SIZE = 8
        usr_name = models.CharField(max_length=100,unique=True,blank=True)
        pswd = models.CharField(max_length=50,blank=True)

        def encrypt(plaintext):
            salt = urandom(login_table.SALT_SIZE)
            arc4 = ARC4.new(salt + settings.SECRET_KEY)
            plaintext = "%3d%s%s" % (len(plaintext),plaintext,urandom(256-len(plaintext)))
            return "%s$%s" % (b64encode(salt), b64encode(arc4.encrypt(plaintext)))

        def decrypt(ciphertext):
            salt, ciphertext = map(b64decode, ciphertext.split('$'))
            arc4 = ARC4.new(salt + settings.SECRET_KEY)
            plaintext = arc4.decrypt(ciphertext)
            return plaintext[3:3+int(plaintext[:3].strip())]

        def encrypted_property(username):
            return property(get_value(username), set_value(username))

        usr_name = encrypted_property('usr_name')
        pswd = encrypted_property('pswd')

        def __unicode__(self):
            return self.usr_name

    class contact_table(models.Model):
        fname = models.CharField(max_length=50,unique=True)
        lname = models.CharField(max_length=50)
        ph_num = models.CharField(max_length=50)
        email = models.EmailField(max_length=75)
        usr_name = models.ForeignKey(login_table)

        def __unicode__(self):
            return '%s%s%s%s' % (self.fname,self.lname,self.ph_num,self.email)

How to fix this problem? And are there any pre-defined functions to do password encryption?