Roundup Tracker - Issues


Author elic
Recipients ber, elic, joseph_myers
Date 2011-04-13.22:28:48
Message-id <>
Attached is a patch which addresses points (a) and (b) raised by Joseph. 

This patch adds a support for a new encrypt format based on PBKDF2, and 
makes it the default for new passwords; as well as some other cleanups I 
made in an attempt to move some parts of the password parsing out of 
roundup proper, and into

The new hash has the following:

* It uses the format "{PBKDF2}<rounds>$<salt>$<digest>", with an encoding 
format adapted from what Linux's SHA512-Crypt uses, for simplicity. 
* It defaults to 10000 rounds (I would like to make this configurable via 
config.ini, but can't quite figure out how to get a hold of a config 
instance from inside encryptPassword). 
* For new passwords, it generates a random 20-byte salt (which can be 
easily increased in the future). 
* It uses a 20-byte digest to match the underlying HMAC-SHA1 prf used by 
the PBKDF2 implementation. 
* For the backend, it uses M2Crypto.EVP.pbkdf2 if available, else falls 
back to a pure-python implementation built into

If this looks useful, I'm willing to take a stab writing code to migrate 
existing hashes (though I may have some questions for roundup-devel in 
that case).

- Eli
Date User Action Args
2011-04-13 22:28:49elicsetmessageid: <>
2011-04-13 22:28:49elicsetrecipients: + elic, ber, joseph_myers
2011-04-13 22:28:49eliclinkissue2550688 messages
2011-04-13 22:28:49eliccreate