[Zope3-dev] SHA1Password manager, add a pinch of salt
Giovannetti, Mark
giovanne at nrcan.gc.ca
Tue Apr 24 11:13:59 EDT 2007
> -----Original Message-----
> From: Dmitry Vasiliev [mailto:dima at hlabs.spb.ru]
>
> Slices don't wrap around.
Right, this was what I was seeing/thinking about:
>>> for i in range(41): print i, "'" + "password"[:i-40] + "'"
...
0 ''
1 ''
2 ''
3 ''
4 ''
5 ''
6 ''
7 ''
8 ''
9 ''
10 ''
11 ''
12 ''
13 ''
14 ''
15 ''
16 ''
17 ''
18 ''
19 ''
20 ''
21 ''
22 ''
23 ''
24 ''
25 ''
26 ''
27 ''
28 ''
29 ''
30 ''
31 ''
32 ''
33 'p'
34 'pa'
35 'pas'
36 'pass'
37 'passw'
38 'passwo'
39 'passwor'
40 ''
Can't really call it wrap around, I guess.
>
> > Might make debugging a problem just a little
> > easier, you never know.
> >
> > Anyway:
> >
> > def checkPassword(self, storedPassword, password):
> >     salt = storedPassword[:max(0, len(storedPassword)-40)]
> >     return storedPassword == self.encodePassword(password, salt)
>
> With Python you can do things as simply as possible. :-) The
> expression
> storedPassword[:-40] (which is equivalent to
> storedPassword[:len(storedPassword)-40]) does exactly what you want:
>
> >>> "password"[:-40]
> ''
>
Keeping it simple is often the best way. Given the above, in order
to ensure a blank salt with a password less than 40 characters,
keeping it simple may not suffice.
Cheers
Mark
--
613-947-1359
System Scientist / Scientifique, spécialiste des systèmes
Canada Centre for Remote Sensing / Centre canadien de télédétection
Natural Resources Canada, 588 Booth Street, Ottawa, Ontario, Canada, K1A 0Y7
Ressources naturelles Canada, 588 rue Booth, Ottawa, Ontario, Canada, K1A 0Y7
Government of Canada / Gouvernement du Canada
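
Added example, not part of the original message or of Zope's code: it compares the two salt-extraction slices from the thread on stored strings of every length, and checks a salted record, an unsalted 40-character record, and a too-short record. The stored layout (salt followed by the SHA-1 hex digest of salt + password) and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

DIGEST_LEN = 40  # a SHA-1 hex digest is always 40 characters


def encode_password(password, salt=None):
    """Assumed layout: salt + hex(sha1(salt + password))."""
    if salt is None:
        salt = secrets.token_hex(4)  # 8 hex characters of random salt
    digest = hashlib.sha1((salt + password).encode("utf-8")).hexdigest()
    return salt + digest


def split_salt(stored):
    """Plain negative slice: everything before the last 40 characters."""
    return stored[:-DIGEST_LEN]


def split_salt_clamped(stored):
    """The same slice with the stop index clamped at zero."""
    return stored[:max(0, len(stored) - DIGEST_LEN)]


def forms_agree(max_len=120):
    """Compare both slice forms on stored strings of every length."""
    return all(
        split_salt("x" * n) == split_salt_clamped("x" * n)
        for n in range(max_len + 1)
    )


def check_password(stored, password):
    if len(stored) < DIGEST_LEN:
        return False  # too short to contain a digest: malformed record
    expected = encode_password(password, split_salt(stored))
    # Constant-time comparison instead of ==
    return hmac.compare_digest(stored.encode("utf-8"), expected.encode("utf-8"))
```

SHA-1 is used here only to match the thread; a new password store would use a slow key-derivation function such as hashlib.scrypt.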