This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| security [2011/05/03 10:30] dblume created | security [2021/05/21 00:04] (current) | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ===== Security ===== | + | ====== Security ====== | 
| + | |||
| + | ===== Google ===== | ||
| + | |||
| + | Quick links in case you need to verify things: | ||
| + | |||
| + | * [[https:// | ||
| + | * [[https:// | ||
| + | * [[https:// | ||
| + | |||
| + | ===== General Security ===== | ||
| + | |||
| + | [[http:// | ||
| + | |||
| + | Consider [[http:// | ||
| + | |||
| + | At the bottom of this page, is the compiler used to make Python 2.6 and 2.7 [[http:// | ||
| + | |||
| + | On Windows, you'll have to make the following change: | ||
| + | < | ||
| + | $ diff bcrypt_python.c.org bcrypt_python.c | ||
| + | 70a71,72 | ||
| + | >       char *password_copy; | ||
| + | >       char *salt_copy; | ||
| + | 76, | ||
| + | <       char *password_copy = strdup(password); | ||
| + | <       char *salt_copy = strdup(salt); | ||
| + | --- | ||
| + | > | ||
| + | > | ||
| + | </ | ||
| + | |||
| + | Then you can build it with setup, like so: | ||
| + | |||
| + | < | ||
| + | c: | ||
| + | </ | ||
| + | |||
| + | < | ||
| + | import bcrypt | ||
| + | |||
| + | # Hash a password for the first time, with a randomly-generated salt | ||
| + | hashed = bcrypt.hashpw(password, | ||
| + | |||
| + | # gensalt' | ||
| + | # The work factor is 2**log_rounds, | ||
| + | hashed = bcrypt.hashpw(password, | ||
| + | |||
| + | # Check that an unencrypted password matches one that has | ||
| + | # previously been hashed | ||
| + | if bcrypt.hashpw(password, | ||
| + | print "It matches" | ||
| + | else: | ||
| + | print "It does not match" | ||
| + | </ | ||
| - | [[http:// | ||
| Never use passwords whose unsalted MD5 hash can be looked up here: [[http:// | Never use passwords whose unsalted MD5 hash can be looked up here: [[http:// | ||
| - | [[http:// | + | [[http:// | 
| + | |||
| + | Someone suggested [[wp> | ||
| + | |||
| + | ==== Verification ==== | ||
| + | |||
| + | Maybe I should try to automate a way to verify the SHA1 Checksums of PGP signatures and upon success, verify the PHP signatures. | ||
| - | Someone suggested [[wp> | + | **Keywords**: |
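Review bot: In the added Verification paragraph, "verify the PHP signatures" looks like a typo for "PGP signatures", and the sentence as written checks SHA1 checksums "of PGP signatures" and then verifies signatures again, so it is unclear which artifact each step covers. Suggest rewording so each step names what it verifies and in what order. A smaller point in the added Python sample: the comment "Check that an unencrypted password matches" would read more accurately as "plaintext password", since bcrypt hashes rather than encrypts.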