#1824: Improve password security in quickstarted projects
----------------------------------+-----------------------------------------
 Reporter:  mramm                 |       Owner:  Gustavo
     Type:  defect                |      Status:  assigned
 Priority:  high                  |   Milestone:  2.0b1
Component:  Quickstart Templates  |     Version:  trunk
 Severity:  normal                |  Resolution:
 Keywords:                        |
----------------------------------+-----------------------------------------
Comment (by kless):
Two days ago I started to create a Python wrapper for BCrypt, which is
currently used as the default password storage hash in OpenBSD, widely
regarded as the most secure operating system available.
In summary, that algorithm adds a salt to the generated hash, and most
importantly, it allows you to increase the amount of work required to
hash a password as computers get faster. Old passwords will still work
fine, but new passwords can keep up with the times.
If you want more information about BCrypt, read here:
http://www.usenix.org/events/usenix99/provos.html
The wrapper is already functional:
{{{
In [1]: import pyx_bcrypt
In [2]: bcrypt = pyx_bcrypt.Engine()
In [3]: bcrypt.hash_key('crack my pass')
Out[3]: '$2a$10$5oEG2LCiivMMeceM1OjUHuZMQx/Hh39u/OSNVOn0TePjClZT.RoD2'
In [4]: bcrypt.hash_key('crack my pass if you can', 12)
Out[4]: '$2a$12$tf99GrfyJYUiLATIs6HnEeWwwi4mCl9BMErvrCKNty9Rdi2H.pgOi'
}}}
I suppose that it will be fully ready and uploaded to !PyPi in the next
week.
Note that a working compiler is necessary.
--
Ticket URL: <http://trac.turbogears.org/ticket/1824#comment:8>
TurboGears <http://www.turbogears.org/>
TurboGears front-to-back web development
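Added example, not part of the ticket comment and not pyx_bcrypt code: the salt and the work factor described above are stored inside the hash string itself, so an application can read the cost of each stored record and re-hash at the next successful login when it is below current policy. The function names and the target cost of 12 are assumptions made for illustration; only the Python standard library is used.

```python
import base64
import re

# bcrypt uses its own base64 alphabet (same bit packing as RFC 4648, no padding).
BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
STD_B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
TO_STD = str.maketrans(BCRYPT_B64, STD_B64)

# Layout: $<version>$<2-digit cost>$<22-char salt><31-char digest>
HASH_RE = re.compile(r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")


def parse_bcrypt(stored):
    """Split a stored bcrypt string into version, cost, raw salt and digest."""
    m = HASH_RE.fullmatch(stored)
    if m is None:
        raise ValueError("not a bcrypt hash string")
    version, cost, salt_b64, digest = m.groups()
    cost = int(cost)
    if not 4 <= cost <= 31:  # log2 round range accepted by bcrypt
        raise ValueError("cost out of range")
    # 22 characters carry the 128-bit salt; pad to a multiple of 4 to decode.
    salt = base64.b64decode(salt_b64.translate(TO_STD) + "==")
    return {"version": version, "cost": cost, "salt": salt, "digest": digest}


def needs_rehash(stored, target_cost):
    """True when the record was hashed with less work than current policy."""
    return parse_bcrypt(stored)["cost"] < target_cost


def relative_work(stored, target_cost):
    """Factor by which target_cost multiplies the rounds used for this record."""
    return 2 ** (target_cost - parse_bcrypt(stored)["cost"])


# The two hash strings shown in the comment above.
OLD = "$2a$10$5oEG2LCiivMMeceM1OjUHuZMQx/Hh39u/OSNVOn0TePjClZT.RoD2"
NEW = "$2a$12$tf99GrfyJYUiLATIs6HnEeWwwi4mCl9BMErvrCKNty9Rdi2H.pgOi"

if __name__ == "__main__":
    for h in (OLD, NEW):
        info = parse_bcrypt(h)
        action = "rehash on next login" if needs_rehash(h, 12) else "ok"
        print(info["version"], info["cost"], info["salt"].hex(), action)
```

Verification of an old record still uses the cost embedded in that record, which is why raising the policy value does not invalidate existing passwords.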