couchdb-commits mailing list archives

From Apache Wiki <wikidi...@apache.org>
Subject [Couchdb Wiki] Trivial Update of "Security_Features_Overview" by PaulOkstad
Date Wed, 21 Sep 2011 22:48:13 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.

The "Security_Features_Overview" page has been changed by PaulOkstad:
http://wiki.apache.org/couchdb/Security_Features_Overview?action=diff&rev1=28&rev2=29

Comment:
Crap, wrong order on salt/password. Also added how to generate random salts

  {{{
  >>> import hashlib
  >>> h=hashlib.sha1()
- >>> h.update('salt')       # order is important, salt goes first
- >>> h.update('mypassword') # password comes second
+ >>> h.update('mypassword')
+ >>> h.update('mysalt')
  >>> h.digest()
- '_\xba\x95\x82\xb4\xb7\xa1[+g\x9f\xf0`_\x1dnn\x82\x95\xcf'
+ 'O,\x19\xf8\x85\xea\xe0\x88kRo\xda\x96\x824\x87OQ\xbe4'
  >>> h.hexdigest()
- '5fba9582b4b7a15b2b679ff0605f1d6e6e8295cf'
+ '4f2c19f885eae0886b526fda968234874f51be34'
+ >>> # create secure salts using os.urandom
+ ...
+ >>> salt = os.urandom(16).encode('hex') # 16 byte random salt encoded as hexadecimal
string
  }}}
  sha1.js implementation (from [[https://github.com/apache/couchdb/blob/trunk/share/www/script/sha1.js|CouchDB]])
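Review bot: the new `h.update('mypassword')` and `h.update('mysalt')` lines drop the comments that said which value goes first, and the order is exactly what this revision corrects. Suggest keeping a comment on each, for example `# password goes first` and `# salt is appended`, so a later edit does not swap them back. The added `salt = os.urandom(16).encode('hex')` line also needs an `import os` earlier in the session, since only `import hashlib` is shown, and the generated `salt` is never the value passed to `h.update`, which still hashes the literal `'mysalt'`; using one variable for both would make the example consistent. Note as well that `.encode('hex')` on a byte string works only on Python 2.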
  
