posativ / weave-minimal

lightweight firefox weave/sync server

use bcrypt to hash password (db filename) #13

Open posativ opened 11 years ago

posativ commented 11 years ago

Current way: SHA1 of some random but unique key + password. PBKDF2 is better suited for this.

```python
salt = r'\x14Q\xd4JbDk\x1bN\x84J\xd0\x05\x8a\x1b\x8b\xa6&V\x1b\xc5\x91\x97\xc4'
return join(dir, (user + '.' + sha1(salt+passwd).hexdigest()[:16]))
```

posativ commented 11 years ago

Working draft https://gist.github.com/abfc30a6ef3097d159ed (based on fdb3028).
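
One way the PBKDF2 change proposed in this issue could look, shown next to the current SHA1 scheme. This is an added example, not code from weave-minimal or the linked gist; the salt value, iteration count, function names and the rename-on-login migration are assumptions.

```python
import hashlib
import os
from os.path import join

# Constructed sample value, not the project's salt.
SITE_SALT = b"example-site-salt-not-the-real-one"
ITERATIONS = 200_000  # assumed work factor; tune to the host


def legacy_path(data_dir, user, passwd):
    """Scheme from the issue: one SHA1 pass over salt + password."""
    digest = hashlib.sha1(SITE_SALT + passwd.encode("utf-8")).hexdigest()
    return join(data_dir, user + "." + digest[:16])


def pbkdf2_path(data_dir, user, passwd, iterations=ITERATIONS):
    """PBKDF2-HMAC-SHA256 variant with the same filename shape.

    The filename is the only record, so the salt must be reproducible:
    here it is the site salt plus the user name, which also stops two
    users with the same password from sharing a suffix.
    """
    salt = SITE_SALT + b":" + user.encode("utf-8")
    key = hashlib.pbkdf2_hmac("sha256", passwd.encode("utf-8"), salt, iterations)
    return join(data_dir, user + "." + key.hex()[:16])


def open_path(data_dir, user, passwd):
    """Return the PBKDF2 path, renaming a legacy file on first login."""
    new = pbkdf2_path(data_dir, user, passwd)
    old = legacy_path(data_dir, user, passwd)
    if not os.path.exists(new) and os.path.exists(old):
        os.rename(old, new)  # one-time migration of an existing database
    return new
```

Because the suffix still sits in the filename, anyone who can list the data directory can run an offline guessing attack against it; PBKDF2 only raises the cost per guess.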