Using Rotor with password file

Paul Rubin phr-n2003b at NOSPAMnightsong.com
Sat Feb 1 18:14:47 EST 2003


Tim Evans <t.evans at paradise.net.nz> writes:
> The more traditional way to implement a password file would be to use
> the 'md5' or 'sha' modules. ...
> 
> SHA is a one-way encryption, meaning that even if someone knows the
> algorithm and the contents of the password file, they cannot easily
> determine any of the plain-text passwords.

I think the OP wanted to be able to decrypt the password, for example
because it's needed to access a remote database or something.

These days, even if you're storing irreversible hashes in a password
file, it's preferable to store HMACs computed with a secret key
rather than raw unkeyed hashes of the salted passwords.  That stops
someone who gets the password file without the secret key from doing
an offline dictionary search on the hashed passwords.
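As an added illustration of the keyed-hash scheme described in this reply (example code written for this page, not code from the thread or from Python's own documentation): each line of the password file carries a per-user random salt and an HMAC over salt and password under a server-side secret key. The example uses the modern standard-library `hmac` and `hashlib` modules rather than the 2003-era `md5`/`sha` modules; `EXAMPLE_KEY` is a constructed value, and the record format `user:salt_hex:tag_hex` is an assumption of this example.

```python
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

# Constructed key for this demonstration only. In a real deployment the key lives
# outside the password file (environment, KMS/HSM, or a separately permissioned
# config), so a copy of the file alone is not enough to test candidate passwords.
EXAMPLE_KEY = bytes.fromhex(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
)


def keyed_tag(key: bytes, salt: bytes, password: str) -> bytes:
    """HMAC-SHA256 over salt || password under the server-side secret key."""
    return hmac.new(key, salt + password.encode("utf-8"), hashlib.sha256).digest()


def make_record(username: str, password: str, key: bytes,
                salt: Optional[bytes] = None) -> str:
    """Build one 'user:salt_hex:tag_hex' line for the password file."""
    if ":" in username:
        raise ValueError("username may not contain ':'")
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user
    return f"{username}:{salt.hex()}:{keyed_tag(key, salt, password).hex()}"


def parse_record(line: str) -> Tuple[str, bytes, bytes]:
    """Split a stored line back into (username, salt, tag)."""
    username, salt_hex, tag_hex = line.rstrip("\n").split(":")
    return username, bytes.fromhex(salt_hex), bytes.fromhex(tag_hex)


def verify_password(lines: List[str], username: str, password: str,
                    key: bytes) -> bool:
    """Check a login attempt against the file; the tag comparison is constant-time."""
    for line in lines:
        user, salt, stored_tag = parse_record(line)
        if user != username:
            continue
        return hmac.compare_digest(keyed_tag(key, salt, password), stored_tag)
    return False  # unknown user


if __name__ == "__main__":
    # Constructed sample password file with two users.
    password_file = [
        make_record("alice", "correct horse", EXAMPLE_KEY),
        make_record("bob", "battery staple", EXAMPLE_KEY),
    ]
    print("\n".join(password_file))
    print(verify_password(password_file, "alice", "correct horse", EXAMPLE_KEY))  # True
    print(verify_password(password_file, "alice", "wrong", EXAMPLE_KEY))          # False
    # Without the right key, even the correct password cannot be confirmed
    # against the stored tag, which is the point of keying the hash.
    print(verify_password(password_file, "alice", "correct horse", bytes(32)))    # False
```

The last check is the property the reply is after: verification requires both the file and the key, so the file by itself gives no oracle for testing guesses. Keying does not replace per-user salts (still needed so equal passwords get different tags) and does not help if the key is stored alongside the file.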
