Mercurial > p > roundup > code
comparison roundup/password.py @ 4485:95aace124a8e
use idea from Eli Collins to use a list of deprecated password encoding schemes
| author | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
|---|---|
| date | Thu, 14 Apr 2011 18:27:51 +0000 |
| parents | 52e13bf0bb40 |
| children | 693c75d56ebe |
comparison
equal
deleted
inserted
replaced
| 4484:52e13bf0bb40 | 4485:95aace124a8e |
|---|---|
| 238 >>> 'not sekrit' != p | 238 >>> 'not sekrit' != p |
| 239 1 | 239 1 |
| 240 """ | 240 """ |
| 241 #TODO: code to migrate from old password schemes. | 241 #TODO: code to migrate from old password schemes. |
| 242 | 242 |
| 243 known_schemes = [ "PBKDF2", "SHA", "MD5", "crypt", "plaintext" ] | 243 deprecated_schemes = ["SHA", "MD5", "crypt", "plaintext"] |
| 244 known_schemes = ["PBKDF2"] + deprecated_schemes | |
| 244 | 245 |
| 245 def __init__(self, plaintext=None, scheme=None, encrypted=None, strict=False): | 246 def __init__(self, plaintext=None, scheme=None, encrypted=None, strict=False): |
| 246 """Call setPassword if plaintext is not None.""" | 247 """Call setPassword if plaintext is not None.""" |
| 247 if scheme is None: | 248 if scheme is None: |
| 248 scheme = self.default_scheme | 249 scheme = self.default_scheme |
| 257 | 258 |
| 258 def needs_migration(self): | 259 def needs_migration(self): |
| 259 """ Password has insecure scheme or other insecure parameters | 260 """ Password has insecure scheme or other insecure parameters |
| 260 and needs migration to new password scheme | 261 and needs migration to new password scheme |
| 261 """ | 262 """ |
| 262 if self.scheme != 'PBKDF2': | 263 if self.scheme in self.deprecated_schemes: |
| 263 return True | 264 return True |
| 264 rounds, salt, raw_salt, digest = pbkdf2_unpack(self.password) | 265 rounds, salt, raw_salt, digest = pbkdf2_unpack(self.password) |
| 265 if rounds < 1000: | 266 if rounds < 1000: |
| 266 return True | 267 return True |
| 267 return False | 268 return False |