cubicweb #2103684 use passlib (?) [resolved]

passlib is a password hashing library for Python 2 & 3, which provides cross-platform implementations of over 20 password hashing algorithms, as well as a framework for managing existing password hashes. It’s designed to be useful for a large range of tasks, including:

  • quick-start password hashing for new python applications ~ quickstart guide
  • constructing a configurable hashing policy to match the needs of any python application ~ passlib.context
  • reading & writing Apache htpasswd / htdigest files ~ passlib.apache
  • creating & verifying hashes used by MySQL, PostgreSQL, OpenLDAP, and other applications ~ passlib.apps
  • creating & verifying hashes found in Unix “shadow” files ~ passlib.hosts

CW uses different hash algo on unix and windows, making migrations of users difficult (we need a password reset). If only for this, using passlib would be nice.

prioritynormal
typetask
done in3.14.7
load0.500
load left0.000
closed by#9c59258e7798 [security] use a stronger encryption algorythm for password, keeping bw compat

Workflow history

from state (3)to statecommentdateUser
validation pendingresolved

mass resolving on Oct 15 2019

2019/10/15 14:50 UTCadmin
donevalidation pending2012/04/11 09:29 UTCddouard
opendone2012/03/16 17:37 UTCjcristau