password security

Anders M Eriksson anders.eriksson at morateknikutveckling.se
Thu May 18 11:20:56 EDT 2000


Hello!

I need a form of login into one of my applications and I would like to
ask about the security of this method. See below for the actual
function.

I'm using the md5 module to create a 'digest' of the username + a
random string + the password. Then I compare this to the digest that I
have saved.

Is this secure on any level?
Will the random string add to the security?
If so, will a larger string make the security higher?

// Anders
-- 
PS! The shelve is ReadOnly for the user! Using the Network file
security.

# --------------------------
import md5
import shelve

RSTR="""7a\4a\de\c6\e8\cd\4e\bf\99\89\b2\83\e4\c4\a9\78\
c6\f2\bc\4e\06\71\be\cc\18\92\ea\bf\05\3e\c8\ca\
b2\6c\14\78\e9\d0\dd\4d\88\d1\fb\0c\29\35\76\ee\
60\86\7e\d0\b1\3e\21\00\68\fa\4c\7a\e5\1d\8c\a2\
14\f0\95\d9\3c\c4\00\a6\14\d5\bd\f1\68\d6\6e\c2\
95\9a\a9\91\a3\71\dd\0d\f4\8d\da\07\b2\b1\4b\76\
5b\4e\13\5b\b0\c5\15\b1\23\e0\97\0a\ee\e6\13\40\
a8\0a\bb\3a\79\b5\ff\f3\df\e2\87\dd\62\9a\49\3b\
9a\93\aa\53\b7\f6\fe\4a\69\fa\bf\fa\71\9b\c7\54\
f1\ea\ea\01\21\be\ae\d1\02\b4\e6\48\c7\99\74\ad\
79\58\6a\7b\7d\41\fa\05\c2\94\30\ad\f9\fd\92\ba\
9c\77\e1\31\e8\ea\b0\aa\8b\8c\5f\13\e2\7f\c8\89\
52\bd\e4\6f\08\1c\55\46\bb\04\af\1f\e3\99\9a\af\
d3\13\12\83\0d\ad\86\ec\05\f8\d5\6d\e6\d0\d4\ef\
a8\52\00\86\54\77\ae\d9\50\3e\55\cb\5b\07\b3\62\
de\bd\a3\e6\6b\33\0e\c6\57\6a\71\28\e4\9d\52\90"""



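def login(user, pw):
    """Make sure that the user has entered the correct password."""

    sh = shelve.open("user")
    try:
        pwhash = sh[user]
    except KeyError:
        # unknown user: fail the login instead of raising
        sh.close()
        return 0
    sh.close()

    # digest of username + fixed random string + password
    instr = user + RSTR + pw
    m = md5.new(instr)
    if m.digest() == pwhash:
        return 1
    else:
        return 0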
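
For comparison with the scheme in the message above, an added example (not part of the original post, and written for Python 3's hashlib rather than the old md5 module) of the same login check with a per-user random salt, a slow key-derivation function and a constant-time comparison. The names `legacy_digest`, `enroll` and `verify`, the in-memory `store` dict, the `FIXED` value and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

FIXED = b"constructed-fixed-string"  # stands in for the post's RSTR (constructed value)
ITERATIONS = 600_000                 # assumed PBKDF2 work factor; tune to your hardware


def legacy_digest(user, pw):
    """The post's scheme: one fast MD5 over user + fixed string + password."""
    return hashlib.md5(user.encode() + FIXED + pw.encode()).digest()


def enroll(pw, iterations=ITERATIONS):
    """Build a stored record: fresh 16-byte salt per account plus a slow KDF."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "key": key}


# Record checked for unknown users, so that path also costs one KDF run.
_DUMMY = enroll("constructed-dummy-password")


def verify(store, user, pw):
    """Return True only if `user` exists in `store` and `pw` matches."""
    rec = store.get(user, _DUMMY)
    key = hashlib.pbkdf2_hmac("sha256", pw.encode(), rec["salt"], rec["iterations"])
    # compare_digest does not stop at the first differing byte
    ok = hmac.compare_digest(key, rec["key"])
    return ok and user in store


if __name__ == "__main__":
    store = {"anders": enroll("correct horse")}  # constructed sample account
    print(verify(store, "anders", "correct horse"))
    print(verify(store, "anders", "wrong"))
    print(verify(store, "nobody", "correct horse"))
```

The salt and iteration count are stored beside the derived key, so the work factor can be raised later for new records without invalidating old ones.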



