Login

Tag "password"

18 snippets

Snippet List

Use crypt instead of sha1 as password hash algorithm

This snippet uses signals to replace the `contrib.auth.models.User.set_password()` function with one that uses *crypt* instead of *sha1* to hash the password. *Crypt* is of course cryptographically inferior to *sha1*, but this may be useful for interoperability with legacy systems e.g. when sharing a user authentication database with unix, a MTA etc. For some reason the `User` class doesn't emit a `class_prepared` signal, which would otherwise be a better choice here. That's why I had to resort to patching each `User` instance separately. A clean way to deploy this snippet is to place it in the `models.py` of an otherwise empty app, and add the app in `settings.INSTALLED_APPS`. The order of `INSTALLED_APPS` doesn't matter since we're patching instances, not classes.

  • password
  • hash
  • crypt
Read More

web-key: Base64 Shared Secret for Access Control

At the [Internet Identity Workshop](http://iiw.idcommons.net/Iiw8) in May, 2009, I spoke to Alan Karp and Tyler Close of HP Labs about their research on authorization without identity. Here are my [Delicious links](http://delicious.com/sbwms/ZBAC) on the subject. This led me to write code to generate a "web-key," the shared secret needed to implement the access control method discussed. In his paper, Tyler Close recommends 70 bits for the shared secret, encoded as a 13-character Base32 string. I used 72 bits, so the secret is a 12-character, URL-safe Base64 string without padding characters. I'm new to Python and Django, so I welcome refinements!

  • password
  • web-key
  • webkey
  • zbac
  • access-control
Read More
Author: sbw
  • -1
  • 2