Password validation security issue

Chris Angelico rosuav at gmail.com
Sat Mar 1 13:45:08 EST 2014


On Sun, Mar 2, 2014 at 5:31 AM, Christian Heimes <christian at python.org> wrote:
>> >>> encrypted = hashlib.sha256(login+'NaCl protects your passwords'+password).hexdigest()
>> >>> encrypted
>> 'b329f2674af4d8d873e264d23713ace4505c211410eb46779c27e02d5a50466c'
>
> Please don't do that. It's insecure and not the proper way to handle
> passwords. In fact it's insecure on so many levels that I don't know
> where to start...

Please do start. This is an extremely common practice; are you able,
from just the information above, to figure out the password using
anything better than brute force?

ChrisA
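
Added example, not part of the original message or of either poster's code: the construction quoted above, ported to Python 3 bytes, beside a storage scheme with a random per-user salt and a deliberately slow key-derivation function, with a timing of what one verification costs under each. The function names, the sample credentials and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import time

FIXED_STRING = b"NaCl protects your passwords"  # constant from the quoted snippet
ITERATIONS = 600_000  # assumed work factor; tune to your own hardware


def quoted_scheme(login, password):
    """Construction quoted in the thread: a single SHA-256 pass (Python 3 bytes)."""
    data = login.encode() + FIXED_STRING + password.encode()
    return hashlib.sha256(data).hexdigest()


def kdf_store(password):
    """Return (salt, derived_key) using a random per-user salt and PBKDF2."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def kdf_verify(password, salt, stored_key):
    """Recompute with the stored salt and compare in constant time."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(key, stored_key)


def seconds_per_check(fn, rounds):
    """Average wall-clock time of one call to fn."""
    start = time.perf_counter()
    for _ in range(rounds):
        fn()
    return (time.perf_counter() - start) / rounds


if __name__ == "__main__":
    # Constructed sample credentials, not values from the thread.
    login, password = "alice", "correct horse battery staple"
    salt, key = kdf_store(password)
    fast = seconds_per_check(lambda: quoted_scheme(login, password), 10_000)
    slow = seconds_per_check(lambda: kdf_verify(password, salt, key), 3)
    print(f"single SHA-256 : {fast * 1e6:8.2f} microseconds per check")
    print(f"PBKDF2 x{ITERATIONS}: {slow * 1e3:8.2f} milliseconds per check")
    print(f"cost ratio     : about {slow / fast:,.0f}x")
```

The printed ratio is the per-check work factor that the slow derivation adds over the single hash; the salt and the iteration count are stored next to the derived key so the count can be raised later.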


