#818: implement site_secret in passwords
--------------------------------+-------------------------------------------
Reporter: [EMAIL PROTECTED] | Owner: anonymous
Type: enhancement | Status: new
Priority: normal | Milestone: 1.1
Component: Identity | Version: 0.9a5
Severity: trivial | Resolution:
Keywords: |
--------------------------------+-------------------------------------------
Comment (by [EMAIL PROTECTED]):
well i use it on the databases accessed by different apps and different
languages - it all works the same as long as they share the salt. md5 and
concatenation aren't implemented differently between programs.
right now there are a bunch of sites that have the dictionary md5'd, along
with a sampling of permutations and word concatanations. type in an md5,
and it looks for a reverse mapping. using a site secret as a salt offsets
this
the way i suggest it be implemented makes this optional -- None will be
returned if the value is unset -- so you won't be forced to use it. but
if you do use it, the public dictionaries will be pretty much useless at
reverse mapping your digests.
--
Ticket URL: <http://trac.turbogears.org/turbogears/ticket/818>
TurboGears <http://www.turbogears.org/>
TurboGears front-to-back web development
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"TurboGears Tickets" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/turbogears-tickets
-~----------~----~----~----~------~----~------~--~---
