Re: I look for a standalone hash and check password library which follow « Password Storage» of Mozilla Security Guilines

2013-09-17 Thread Stéphane Klein 
Le 17/09/13 11:09, Stéphane Klein a écrit :
 
 Is It the better Python standalone lib to perform hash and verify password ?

I see also https://pypi.python.org/pypi/passlib/


-- 
Stéphane Klein cont...@stephane-klein.info
blog: http://stephane-klein.info
Twitter: http://twitter.com/klein_stephane
cv: http://cv.stephane-klein.info

-- 
You received this message because you are subscribed to the Google Groups 
pylons-discuss group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to pylons-discuss@googlegroups.com.
Visit this group at http://groups.google.com/group/pylons-discuss.
For more options, visit https://groups.google.com/groups/opt_out.

Re: I look for a standalone hash and check password library which follow « Password Storage» of Mozilla Security Guilines

2013-09-17 Thread Jesaja Everling 
Hi Stephane,

I'm not familiar with the Mozilla password hashing guidelines or the
two libraries you found, but have used this package for bcrypt:

https://pypi.python.org/pypi/py-bcrypt

hmac is part of the standard library, so you should be able to do
import hmac without having to install anything.

Best Regards,

Jesaja Everling


On Tue, Sep 17, 2013 at 11:19 AM, Stéphane Klein
cont...@stephane-klein.info wrote:
 Le 17/09/13 11:09, Stéphane Klein a écrit :

 Is It the better Python standalone lib to perform hash and verify password 
 ?

 I see also https://pypi.python.org/pypi/passlib/


 --
 Stéphane Klein cont...@stephane-klein.info
 blog: http://stephane-klein.info
 Twitter: http://twitter.com/klein_stephane
 cv: http://cv.stephane-klein.info

 --
 You received this message because you are subscribed to the Google Groups 
 pylons-discuss group.
 To unsubscribe from this group and stop receiving emails from it, send an 
 email to pylons-discuss+unsubscr...@googlegroups.com.
 To post to this group, send email to pylons-discuss@googlegroups.com.
 Visit this group at http://groups.google.com/group/pylons-discuss.
 For more options, visit https://groups.google.com/groups/opt_out.

-- 
You received this message because you are subscribed to the Google Groups 
pylons-discuss group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to pylons-discuss@googlegroups.com.
Visit this group at http://groups.google.com/group/pylons-discuss.
For more options, visit https://groups.google.com/groups/opt_out.

Re: I look for a standalone hash and check password library which follow « Password Storage» of Mozilla Security Guilines

2013-09-17 Thread Stéphane Klein 
Le 17/09/13 11:27, Jesaja Everling a écrit :
 Hi Stephane,
 
 I'm not familiar with the Mozilla password hashing guidelines or the
 two libraries you found, but have used this package for bcrypt:
 
 https://pypi.python.org/pypi/py-bcrypt
 
 hmac is part of the standard library, so you should be able to do
 import hmac without having to install anything.
 

Thanks but I look for a complete library with hash password et check password
functions.

Best regards,
Stephane
-- 
Stéphane Klein cont...@stephane-klein.info
blog: http://stephane-klein.info
Twitter: http://twitter.com/klein_stephane
cv: http://cv.stephane-klein.info

-- 
You received this message because you are subscribed to the Google Groups 
pylons-discuss group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to pylons-discuss@googlegroups.com.
Visit this group at http://groups.google.com/group/pylons-discuss.
For more options, visit https://groups.google.com/groups/opt_out.

Re: I look for a standalone hash and check password library which follow « Password Storage» of Mozilla Security Guilines

2013-09-17 Thread ian marcinkowski 
I use passlib for password hashing.

http://pythonhosted.org/passlib/

The documentation is quite good.

See here for bcrypt hashing:
http://pythonhosted.org/passlib/lib/passlib.hash.bcrypt.html?highlight=bcrypt#passlib.hash.bcrypt

On Tue, Sep 17, 2013 at 5:34 AM, Stéphane Klein
cont...@stephane-klein.info wrote:
 Le 17/09/13 11:27, Jesaja Everling a écrit :
 Hi Stephane,

 I'm not familiar with the Mozilla password hashing guidelines or the
 two libraries you found, but have used this package for bcrypt:

 https://pypi.python.org/pypi/py-bcrypt

 hmac is part of the standard library, so you should be able to do
 import hmac without having to install anything.


 Thanks but I look for a complete library with hash password et check 
 password
 functions.

 Best regards,
 Stephane
 --
 Stéphane Klein cont...@stephane-klein.info
 blog: http://stephane-klein.info
 Twitter: http://twitter.com/klein_stephane
 cv: http://cv.stephane-klein.info

 --
 You received this message because you are subscribed to the Google Groups 
 pylons-discuss group.
 To unsubscribe from this group and stop receiving emails from it, send an 
 email to pylons-discuss+unsubscr...@googlegroups.com.
 To post to this group, send email to pylons-discuss@googlegroups.com.
 Visit this group at http://groups.google.com/group/pylons-discuss.
 For more options, visit https://groups.google.com/groups/opt_out.



-- 
Ian Marcinkowski
ianmarcinkow...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
pylons-discuss group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to pylons-discuss@googlegroups.com.
Visit this group at http://groups.google.com/group/pylons-discuss.
For more options, visit https://groups.google.com/groups/opt_out.

Re: I look for a standalone hash and check password library which follow « Password Storage» of Mozilla Security Guilines

2013-09-17 Thread Christian Ledermann 
have a look at https://github.com/Pylons/shootout (using bcrypt)
or https://github.com/cleder/liches (salted bcrypt password hash)



On Tue, Sep 17, 2013 at 12:34 PM, Stéphane Klein
cont...@stephane-klein.info wrote:
 Le 17/09/13 11:27, Jesaja Everling a écrit :
 Hi Stephane,

 I'm not familiar with the Mozilla password hashing guidelines or the
 two libraries you found, but have used this package for bcrypt:

 https://pypi.python.org/pypi/py-bcrypt

 hmac is part of the standard library, so you should be able to do
 import hmac without having to install anything.


 Thanks but I look for a complete library with hash password et check 
 password
 functions.

 Best regards,
 Stephane
 --
 Stéphane Klein cont...@stephane-klein.info
 blog: http://stephane-klein.info
 Twitter: http://twitter.com/klein_stephane
 cv: http://cv.stephane-klein.info

 --
 You received this message because you are subscribed to the Google Groups 
 pylons-discuss group.
 To unsubscribe from this group and stop receiving emails from it, send an 
 email to pylons-discuss+unsubscr...@googlegroups.com.
 To post to this group, send email to pylons-discuss@googlegroups.com.
 Visit this group at http://groups.google.com/group/pylons-discuss.
 For more options, visit https://groups.google.com/groups/opt_out.



-- 
Best Regards,

Christian Ledermann

Nairobi - Kenya
Mobile : +254 702978914

*))){

If you save the living environment, the biodiversity that we have left,
you will also automatically save the physical environment, too. But If
you only save the physical environment, you will ultimately lose both.

1) Don’t drive species to extinction

2) Don’t destroy a habitat that species rely on.

3) Don’t change the climate in ways that will result in the above.

}(((*

-- 
You received this message because you are subscribed to the Google Groups 
pylons-discuss group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to pylons-discuss@googlegroups.com.
Visit this group at http://groups.google.com/group/pylons-discuss.
For more options, visit https://groups.google.com/groups/opt_out.

Re: I look for a standalone hash and check password library which follow « Password Storage» of Mozilla Security Guilines

2013-09-17 Thread Stéphane Klein 
Le 17/09/13 11:27, Jesaja Everling a écrit :
 I'm not familiar with the Mozilla password hashing guidelines or the
 two libraries you found, but have used this package for bcrypt:
 
 https://pypi.python.org/pypi/py-bcrypt
 

What are the differences between

https://pypi.python.org/pypi/py-bcrypt

and

https://github.com/dstufft/bcrypt/

?

Best regards,
Stephane

-- 
Stéphane Klein cont...@stephane-klein.info
blog: http://stephane-klein.info
Twitter: http://twitter.com/klein_stephane
cv: http://cv.stephane-klein.info

-- 
You received this message because you are subscribed to the Google Groups 
pylons-discuss group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to pylons-discuss@googlegroups.com.
Visit this group at http://groups.google.com/group/pylons-discuss.
For more options, visit https://groups.google.com/groups/opt_out.

Re: I look for a standalone hash and check password library which follow « Password Storage» of Mozilla Security Guilines

2013-09-17 Thread Christoph Zwerschke 

Am 17.09.2013 14:48, schrieb ian marcinkowski:
 I use passlib for password hashing.

 http://pythonhosted.org/passlib/

Another vote for passlib. Code and docs are exemplary.

-- Christoph


--
You received this message because you are subscribed to the Google Groups 
pylons-discuss group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to pylons-discuss@googlegroups.com.
Visit this group at http://groups.google.com/group/pylons-discuss.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [pylons-discuss] Re: I look for a standalone hash and check password library which follow « Password Storage» of Mozilla Security Guilines

2013-09-17 Thread Michael Merickel 
On Tue, Sep 17, 2013 at 2:38 PM, Jonathan Vanasco jonat...@findmeon.comwrote:

 def verify( hashed , password ):
 if hash(password) == hashed  : return True
 return False


Your verify is vulnerable to timing attacks. :-)

-- 
You received this message because you are subscribed to the Google Groups 
pylons-discuss group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to pylons-discuss@googlegroups.com.
Visit this group at http://groups.google.com/group/pylons-discuss.
For more options, visit https://groups.google.com/groups/opt_out.

[pylons-discuss] Re: I look for a standalone hash and check password library which follow « Password Storage» of Mozilla Security Guilines

2013-09-17 Thread Jonathan Vanasco 
I'm happy with cryptacular

https://pypi.python.org/pypi/cryptacular/

having 'verify password' as a requirement is silly.

every verify password function i've seen is just a 2 line convenience 
function like this:

def verify( hashed , password ):
if hash(password) == hashed  : return True
return False

hashed = hash(password)
verified = verify( hashed , password )





-- 
You received this message because you are subscribed to the Google Groups 
pylons-discuss group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to pylons-discuss@googlegroups.com.
Visit this group at http://groups.google.com/group/pylons-discuss.
For more options, visit https://groups.google.com/groups/opt_out.