Re: [web2py] Re: How passwords are encrypted/hashed for storage in web2py

2011-01-04 Thread David Bain
Reading the code in gluon/validators > class CRYPT(). It looks like the default approach is hmac using md5 as the algorithm. Below is a tiny snippet of code that will generate password hashes that match the current default behaviour of the web2py admin application: note: by default the hmac_key i

[web2py] Re: How passwords are encrypted/hashed for storage in web2py

2011-01-04 Thread mdipierro
good point. yes.
On Jan 4, 7:13 pm, David Bain wrote:
> So if I'm importing a csv of users into auth_user.password I'd need to
> use the same hmac_key to generate the passwords used in the source
> csv.
>
> On Tue, Jan 4, 2011 at 8:10 PM, mdipierro wrote:
>
> > using a salt (token in your exampl

Re: [web2py] Re: How passwords are encrypted/hashed for storage in web2py

2011-01-04 Thread David Bain
So if I'm importing a csv of users into auth_user.password I'd need to use the same hmac_key to generate the passwords used in the source csv.
On Tue, Jan 4, 2011 at 8:10 PM, mdipierro wrote:
>
> using a salt (token in your example) is a bit primitive and vulnerable
> to certain attacks.
>
> Web2

[web2py] Re: How passwords are encrypted/hashed for storage in web2py

2011-01-04 Thread mdipierro
using a salt (token in your example) is a bit primitive and vulnerable to certain attacks.
Web2py uses hmac+md5 or hmac+sha512. The password can be specified by:
auth.settings.hmac_key='sha512:mypassword'
which is passed to the validator CRYPT(hmac_key='')
Massimo
The prefix: (sha5