Encoding / decoding strings

Paul Rubin
Fri Jan 5 18:37:32 EST 2007


"oliver at obeattie.com" <oliver at obeattie.com> writes:
> Basically, what I am trying to do is display all comments by a
> specified user on the website. As the only thing which has =always=
> been used to identify users which never changes is their e-mail
> addresses, this is the only thing which I can use. Obviously, I can't
> display this e-mail address though.

Assign a unique number to each user in the system, and use the number.
Email addresses aren't necessarily stable since users should be able
to change their email addresses.

If you really want to use a hash, use the hmac module:

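  import hashlib, hmac
  # Python 3: key and message must be bytes and digestmod is required (SHA-256 chosen here)
  hash = hmac.new(b'swordfish', b'person@domain.tld', hashlib.sha256).hexdigest()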

where instead of swordfish you'd use some random constant string that
you keep secret.  The secrecy stops attackers from figuring out
whether a given address has a specific hash per Mark Rintsch's
comment.  You'll still have to maintain a table mapping hashes back to
addresses, since the hashes are not reversible.

If you HAVE to have reversible encryption, you could use

   http://nightsong.com/phr/crypto/p3.py

note that the string you get is binary and is longer than the input
string even before you encode it to printing chars.  Note also that it
reveals the length of its input.

To generate a random string, use os.urandom:

   import os, binascii
   secret_string = binascii.hexlify(os.urandom(16))

you'd then embed the secret string in your program or database.  You
then face the problem of keeping it secret, which is not trivial.

Overall you're better off just assigning ID numbers to users like most
BBS's do.
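
[Added example, not part of the original post or the poster's code.] A sketch of the HMAC approach described above: a secret key from os.urandom, a keyed identifier per address, and the table mapping identifiers back to addresses. The names pseudonym, PseudonymTable and guess_matches, the SHA-256 choice and the lower-casing of addresses are assumptions made for this example.

```python
import hashlib
import hmac
import os


def new_secret() -> bytes:
    """Random 128-bit key, following the post's os.urandom(16) suggestion."""
    return os.urandom(16)


def pseudonym(secret: bytes, email: str) -> str:
    """Keyed, non-reversible public identifier for an e-mail address."""
    # Normalising case and whitespace is an assumption of this example.
    normalized = email.strip().lower().encode("utf-8")
    return hmac.new(secret, normalized, hashlib.sha256).hexdigest()


class PseudonymTable:
    """Server-side table mapping identifiers back to addresses."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._by_token = {}

    def register(self, email: str) -> str:
        token = pseudonym(self._secret, email)
        self._by_token[token] = email.strip().lower()
        return token

    def lookup(self, token: str):
        # Returns None for identifiers that were never registered.
        return self._by_token.get(token)


def guess_matches(token: str, guessed_email: str) -> bool:
    """Check available without the key: compare an unkeyed hash of a guess."""
    guess = guessed_email.strip().lower().encode("utf-8")
    unkeyed = hashlib.sha256(guess).hexdigest()
    return hmac.compare_digest(unkeyed, token)


if __name__ == "__main__":
    table = PseudonymTable(new_secret())
    token = table.register("Person@Domain.tld")  # constructed sample address
    print(token, table.lookup(token), guess_matches(token, "person@domain.tld"))
```

With the key kept secret, the unkeyed guess never matches the published identifier, while the server can still resolve it through the table.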


