RE: [Roundup-devel] Encryption of passwords - proposal

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi Richard

Just a note --- perhaps looking at Zope's LoginManager password 
code might be useful? It uses a prefixing convention like: 
 {CRYPT}GpXZcplGP3v72  or  {SHA}2FlBTKMLfBwZw  to indicate the
encryption in use. For example, from 'UserSources.py'::

    def encodePassword(self, text, scheme='CRYPT', salt=None):
        """Encode a password"""
        if scheme == 'CRYPT' and crypt is not None:
            if salt is None:
                salt = whrandom.randint(0, 2**12-1)
                salt = saltdict[salt >> 6] + saltdict[salt & 0x3f]
            pw = '{CRYPT}' + crypt.crypt(text, salt)
        elif scheme == 'SHA':
            pw = '{SHA}' + binascii.b2a_base64(sha.sha(text).digest())[:-1]
        elif scheme == 'SSHA':
            if salt is None:
                # XXX random salt selection could be much better...
                salt = hex(whrandom.randint(0, sys.maxint-1))[2:]
                salt = sha.sha(salt).digest()
            ssha = sha.sha(text + salt).digest()+salt
            pw = '{SSHA}' + binascii.b2a_base64(ssha)[:-1]
        else:
            pw = text

        return pw

Jean

RE: [Roundup-devel] Encryption of passwords - proposal

Simple-to-use/-install issue-tracking system: web, REST, email, CLI

RE: [Roundup-devel] Encryption of passwords - proposal