Re: I look for a standalone hash and check password library which follow « Password Storage» of Mozilla Security Guilines
Le 17/09/13 11:09, Stéphane Klein a écrit : Is It the better Python standalone lib to perform hash and verify password ? I see also https://pypi.python.org/pypi/passlib/ -- Stéphane Klein cont...@stephane-klein.info blog: http://stephane-klein.info Twitter: http://twitter.com/klein_stephane cv: http://cv.stephane-klein.info -- You received this message because you are subscribed to the Google Groups pylons-discuss group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To post to this group, send email to pylons-discuss@googlegroups.com. Visit this group at http://groups.google.com/group/pylons-discuss. For more options, visit https://groups.google.com/groups/opt_out.
Re: I look for a standalone hash and check password library which follow « Password Storage» of Mozilla Security Guilines
Hi Stephane, I'm not familiar with the Mozilla password hashing guidelines or the two libraries you found, but have used this package for bcrypt: https://pypi.python.org/pypi/py-bcrypt hmac is part of the standard library, so you should be able to do import hmac without having to install anything. Best Regards, Jesaja Everling On Tue, Sep 17, 2013 at 11:19 AM, Stéphane Klein cont...@stephane-klein.info wrote: Le 17/09/13 11:09, Stéphane Klein a écrit : Is It the better Python standalone lib to perform hash and verify password ? I see also https://pypi.python.org/pypi/passlib/ -- Stéphane Klein cont...@stephane-klein.info blog: http://stephane-klein.info Twitter: http://twitter.com/klein_stephane cv: http://cv.stephane-klein.info -- You received this message because you are subscribed to the Google Groups pylons-discuss group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To post to this group, send email to pylons-discuss@googlegroups.com. Visit this group at http://groups.google.com/group/pylons-discuss. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups pylons-discuss group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To post to this group, send email to pylons-discuss@googlegroups.com. Visit this group at http://groups.google.com/group/pylons-discuss. For more options, visit https://groups.google.com/groups/opt_out.
Re: I look for a standalone hash and check password library which follow « Password Storage» of Mozilla Security Guilines
Le 17/09/13 11:27, Jesaja Everling a écrit : Hi Stephane, I'm not familiar with the Mozilla password hashing guidelines or the two libraries you found, but have used this package for bcrypt: https://pypi.python.org/pypi/py-bcrypt hmac is part of the standard library, so you should be able to do import hmac without having to install anything. Thanks but I look for a complete library with hash password et check password functions. Best regards, Stephane -- Stéphane Klein cont...@stephane-klein.info blog: http://stephane-klein.info Twitter: http://twitter.com/klein_stephane cv: http://cv.stephane-klein.info -- You received this message because you are subscribed to the Google Groups pylons-discuss group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To post to this group, send email to pylons-discuss@googlegroups.com. Visit this group at http://groups.google.com/group/pylons-discuss. For more options, visit https://groups.google.com/groups/opt_out.
Re: I look for a standalone hash and check password library which follow « Password Storage» of Mozilla Security Guilines
I use passlib for password hashing. http://pythonhosted.org/passlib/ The documentation is quite good. See here for bcrypt hashing: http://pythonhosted.org/passlib/lib/passlib.hash.bcrypt.html?highlight=bcrypt#passlib.hash.bcrypt On Tue, Sep 17, 2013 at 5:34 AM, Stéphane Klein cont...@stephane-klein.info wrote: Le 17/09/13 11:27, Jesaja Everling a écrit : Hi Stephane, I'm not familiar with the Mozilla password hashing guidelines or the two libraries you found, but have used this package for bcrypt: https://pypi.python.org/pypi/py-bcrypt hmac is part of the standard library, so you should be able to do import hmac without having to install anything. Thanks but I look for a complete library with hash password et check password functions. Best regards, Stephane -- Stéphane Klein cont...@stephane-klein.info blog: http://stephane-klein.info Twitter: http://twitter.com/klein_stephane cv: http://cv.stephane-klein.info -- You received this message because you are subscribed to the Google Groups pylons-discuss group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To post to this group, send email to pylons-discuss@googlegroups.com. Visit this group at http://groups.google.com/group/pylons-discuss. For more options, visit https://groups.google.com/groups/opt_out. -- Ian Marcinkowski ianmarcinkow...@gmail.com -- You received this message because you are subscribed to the Google Groups pylons-discuss group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To post to this group, send email to pylons-discuss@googlegroups.com. Visit this group at http://groups.google.com/group/pylons-discuss. For more options, visit https://groups.google.com/groups/opt_out.
Re: I look for a standalone hash and check password library which follow « Password Storage» of Mozilla Security Guilines
have a look at https://github.com/Pylons/shootout (using bcrypt) or https://github.com/cleder/liches (salted bcrypt password hash) On Tue, Sep 17, 2013 at 12:34 PM, Stéphane Klein cont...@stephane-klein.info wrote: Le 17/09/13 11:27, Jesaja Everling a écrit : Hi Stephane, I'm not familiar with the Mozilla password hashing guidelines or the two libraries you found, but have used this package for bcrypt: https://pypi.python.org/pypi/py-bcrypt hmac is part of the standard library, so you should be able to do import hmac without having to install anything. Thanks but I look for a complete library with hash password et check password functions. Best regards, Stephane -- Stéphane Klein cont...@stephane-klein.info blog: http://stephane-klein.info Twitter: http://twitter.com/klein_stephane cv: http://cv.stephane-klein.info -- You received this message because you are subscribed to the Google Groups pylons-discuss group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To post to this group, send email to pylons-discuss@googlegroups.com. Visit this group at http://groups.google.com/group/pylons-discuss. For more options, visit https://groups.google.com/groups/opt_out. -- Best Regards, Christian Ledermann Nairobi - Kenya Mobile : +254 702978914 *))){ If you save the living environment, the biodiversity that we have left, you will also automatically save the physical environment, too. But If you only save the physical environment, you will ultimately lose both. 1) Don’t drive species to extinction 2) Don’t destroy a habitat that species rely on. 3) Don’t change the climate in ways that will result in the above. }(((* -- You received this message because you are subscribed to the Google Groups pylons-discuss group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To post to this group, send email to pylons-discuss@googlegroups.com. Visit this group at http://groups.google.com/group/pylons-discuss. For more options, visit https://groups.google.com/groups/opt_out.
Re: I look for a standalone hash and check password library which follow « Password Storage» of Mozilla Security Guilines
Le 17/09/13 11:27, Jesaja Everling a écrit : I'm not familiar with the Mozilla password hashing guidelines or the two libraries you found, but have used this package for bcrypt: https://pypi.python.org/pypi/py-bcrypt What are the differences between https://pypi.python.org/pypi/py-bcrypt and https://github.com/dstufft/bcrypt/ ? Best regards, Stephane -- Stéphane Klein cont...@stephane-klein.info blog: http://stephane-klein.info Twitter: http://twitter.com/klein_stephane cv: http://cv.stephane-klein.info -- You received this message because you are subscribed to the Google Groups pylons-discuss group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To post to this group, send email to pylons-discuss@googlegroups.com. Visit this group at http://groups.google.com/group/pylons-discuss. For more options, visit https://groups.google.com/groups/opt_out.
Re: I look for a standalone hash and check password library which follow « Password Storage» of Mozilla Security Guilines
Am 17.09.2013 14:48, schrieb ian marcinkowski: I use passlib for password hashing. http://pythonhosted.org/passlib/ Another vote for passlib. Code and docs are exemplary. -- Christoph -- You received this message because you are subscribed to the Google Groups pylons-discuss group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To post to this group, send email to pylons-discuss@googlegroups.com. Visit this group at http://groups.google.com/group/pylons-discuss. For more options, visit https://groups.google.com/groups/opt_out.
Re: [pylons-discuss] Re: I look for a standalone hash and check password library which follow « Password Storage» of Mozilla Security Guilines
On Tue, Sep 17, 2013 at 2:38 PM, Jonathan Vanasco jonat...@findmeon.comwrote: def verify( hashed , password ): if hash(password) == hashed : return True return False Your verify is vulnerable to timing attacks. :-) -- You received this message because you are subscribed to the Google Groups pylons-discuss group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To post to this group, send email to pylons-discuss@googlegroups.com. Visit this group at http://groups.google.com/group/pylons-discuss. For more options, visit https://groups.google.com/groups/opt_out.
[pylons-discuss] Re: I look for a standalone hash and check password library which follow « Password Storage» of Mozilla Security Guilines
I'm happy with cryptacular https://pypi.python.org/pypi/cryptacular/ having 'verify password' as a requirement is silly. every verify password function i've seen is just a 2 line convenience function like this: def verify( hashed , password ): if hash(password) == hashed : return True return False hashed = hash(password) verified = verify( hashed , password ) -- You received this message because you are subscribed to the Google Groups pylons-discuss group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To post to this group, send email to pylons-discuss@googlegroups.com. Visit this group at http://groups.google.com/group/pylons-discuss. For more options, visit https://groups.google.com/groups/opt_out.