python - Password salt & secret -


so when building webapp , storing passwords, both security , performance important things keep in mind. having seen evidence salted sha1 passwords can cracked due increasing speed of gpus, wondering best practices of storing passwords.

i thought in order add more security storing passwords, add secret salt. instance, python code be:

import hashlib import hmac secret = 'xyz' h = hmac.new('salt' + secret, 'password')
  • is common thing do?
  • what drawbacks of this?
  • what best practices in field?

p.s. didn't post in security forum because want webapp developer's perspective.

also have @ passlib: http://pypi.python.org/pypi/passlib/


Comments

Post a Comment

Popular posts from this blog

JQuery Autocomplete without using label, value, id -

is possible have jquery autocomplete work without using conventional id,label,value? for instance, not wish use: [ { "id": "botaurus stellaris", "label": "great bittern", "value": "great bittern" }, { "id": "asio flammeus", "label": "short-eared owl", "value": "short-eared owl" }] but rather: [ { "my_id": "botaurus stellaris", "first_name": "great bittern", "last_name": "great bittern" }, { "my_id": "asio flammeus", "first_name": "short-eared owl", "last_name": "short-eared owl" }] so like, jquery autocomplete takes id,value,label , can make take my_id, first_name, last_name , make jquery autocomplete treat same id,label,value ? this might useful, when don't wish modify data's keys coming datasource, display on jquery autocomplete. ...
Read more

c++ - Accessing inactive union member and undefined behavior? -

i under impression accessing union member other last 1 set ub, can't seem find solid reference (other answers claiming it's ub without support standard). so, undefined behavior? the confusion c explicitly permits type-punning through union, whereas c++ ( c++11 ) has no such permission. c11 6.5.2.3 structure , union members 95) if member used read contents of union object not same member last used store value in object, appropriate part of object representation of value reinterpreted object representation in new type described in 6.2.6 (a process called ‘‘type punning’’). might trap representation. the situation c++: c++11 9.5 unions [class.union] in union, @ 1 of non-static data members can active @ time, is, value of @ 1 of non-static data members can stored in union @ time. c++ later has language permitting use of unions containing struct s common initial sequences; doesn't permit type-punning. to determine whether union type-punning is allowe...
Read more

JAVA - what is the difference between void and boolean methods? -

i new java. writing wrapper-library in java make functions available in basic-like language. i got stock @ point when noted code not executed in java-library although compiler did not complain (using eclipse). resolved replacing code follows: public void videoquality(int vquality) //did not work into public boolean videoquality(int vquality) //works here complete code-snippets: public void videoquality(int vquality) //did not work {if (vquality==16) { vidquality=16; } else if (vquality==-16) { vidquality=-16; } else if (vquality==0) { vidquality=0; } else vidquality=-16; vitamioext.setvideoquality(vidquality); } public boolean videoquality(int vquality) //works {if (vquality==16) { vidquality=16; } else if (vquality==-16) { vidquality=-16; } else if (vquality==0) { vidquality=0; } else vidquality=-16; vitamioext.setvideoquality(vidquality); return true; } i think void corresponds sub in visual basic while boolean corresponds function. i found odd following code worked using...
Read more