How can I generate hash for user password like web2py

[Константин Комков]

Can somebody told about free library for windows (.dll) which can generate hash of password like web2py (pbkdf2 + sha512)?

[João Matos]

I use Python's hashlib module. It contains pbkdf2.

[Carlos Costa]

If you can use web2py itself for this task, dot it like this:

hash = CRYPT()('text to hash')[0]

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to web2py+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/8155e38e-8a25-479f-b8b8-73dc31a6d0a1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

At.

Carlos J. Costa

--------------------------------------------------------------

Cientista da Computação - Esp. Gestão em Telecom

[Константин Комков]

I need to generate password and

print it for entrant and then take hash from password for writing to database. But that program work on Windows and was written by delphi. Last versions delphi have sha512 and pbkdf2 library but not our. Can you take link by .dll file of the library for use it in delphi? There is another way I can generate many password and hash use web2py write it to database and then give entrant. But for security it is nonsense. 

чт, 30 мая 2019 г., 2:26 Carlos Costa <yamand...@gmail.com>:

You received this message because you are subscribed to a topic in the Google Groups "web2py-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/s-H7ExPpVAI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/CAGsD4NyYpkgJDQbPWxhmUm9Am7zuYYnWpCEhqvWxUhL%2BGwmqxQ%40mail.gmail.com.

[Massimo Di Pierro]

It is bad policy for you to generate a password and give it to customers.

You should generate a one time token and allow your user to use the token to set his own password using web2py. Web2py automatically stores it encrypted using pbkdf2 + sha512.

hashlib is not good enough for passwords because vulnerable to timing attacks.

Massimo

On Wednesday, 29 May 2019 22:43:28 UTC-7, Константин Комков wrote:

I need to generate password and

print it for entrant and then take hash from password for writing to database. But that program work on Windows and was written by delphi. Last versions delphi have sha512 and pbkdf2 library but not our. Can you take link by .dll file of the library for use it in delphi? There is another way I can generate many password and hash use web2py write it to database and then give entrant. But for security it is nonsense. 

чт, 30 мая 2019 г., 2:26 Carlos Costa <yamand...@gmail.com>:

If you can use web2py itself for this task, dot it like this:

hash = CRYPT()('text to hash')[0]

Em qua, 29 de mai de 2019 às 19:05, João Matos <jcrm...@gmail.com> escreveu:

I use Python's hashlib module. It contains pbkdf2.

segunda-feira, 27 de Maio de 2019 às 12:13:54 UTC+1, Константин Комков escreveu:

Can somebody told about free library for windows (.dll) which can generate hash of password like web2py (pbkdf2 + sha512)?

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscribe@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/8155e38e-8a25-479f-b8b8-73dc31a6d0a1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

At.

Carlos J. Costa

--------------------------------------------------------------

Cientista da Computação - Esp. Gestão em Telecom

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to a topic in the Google Groups "web2py-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/s-H7ExPpVAI/unsubscribe.

To unsubscribe from this group and all its topics, send an email to web2py+unsubscribe@googlegroups.com.

[Константин Комков]

As I understand entrant came on foot and take to operator personal data. After that I know entrants email and can generate link for it. Yes?

[Massimo Di Pierro]

You can make you own registration form that does not require a password.

form = SQLFORM(db.auth_user)

Then you can tell them to go on the system and use their email to request a password.

[Константин Комков]

All entrant information are checking by operators and if that information correct entrant can be registrated in personal cabinet. If entrant gived our information on site, it's work like auth registration form. Entrant push your own password and after operators check entrant's info entrant can login in personal cabinet. But if entrant came on foot, we need to check its email and it is very hard becouse not all entrants have phone or Internet on phone and maybe somebody don't remember your email password for validate it...

вс, 2 июн. 2019 г., 22:26 Massimo Di Pierro <massimo....@gmail.com>:

--

Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to a topic in the Google Groups "web2py-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/s-H7ExPpVAI/unsubscribe.

To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/26c0d5c1-5e88-4562-96d1-ed4e4c058b4c%40googlegroups.com.

[Константин Комков]

I think will be 30000 entrants in that year

вс, 2 июн. 2019 г., 23:47 Константин Комков <firean...@gmail.com>:

[Dave S]

On Sunday, June 2, 2019 at 1:47:27 PM UTC-7, Константин Комков wrote:

All entrant information are checking by operators and if that information correct entrant can be registrated in personal cabinet. If entrant gived our information on site, it's work like auth registration form. Entrant push your own password and after operators check entrant's info entrant can login in personal cabinet. But if entrant came on foot, we need to check its email and it is very hard becouse not all entrants have phone or Internet on phone and maybe somebody don't remember your email password for validate it...

I think we need a little clarification on the process, and we English speakers may be led astray if we use the wrong meaning for "entrant".  I think you are using it for what we normally call an "applicant".  Some one who is applying (for a job, to enroll in a class, or ....). We do use "entrant" for someone in a contest, such as a spelling bee or a cross-country race.

Questions:

1)  Am I close to what you mean by "entrant"?
2) Can entrants/applicants choose to apply online or in person?
3) Are entrants/applicants expected to already have an email account [on some mail service]?
4) When they apply in person, can they use a kiosk (dedicated terminal, similar to an ATM for banking)?
5) When they apply in person, are they dealing with what I will call "counter staff" -- registration personnel working at a counter or table?
6) Do counter staff have a terminal?
7) Can a printer be available at the counter?

I'm thinking of a small printer, such as for printing receipts for a cash register, on which you print a one-time-code (OTP), hand the piece of paper to the entrant/applicant, and they take it with them to finish their registration.  Or they can use a kiosk to complete the registration.

But of course, if I'm way off on what your needs are, I may be suggesting the wrong solution.

/dps


 

вс, 2 июн. 2019 г., 22:26 Massimo Di Pierro <massimo...@gmail.com>:

You can make you own registration form that does not require a password.

form = SQLFORM(db.auth_user)

Then you can tell them to go on the system and use their email to request a password.

On Thursday, 30 May 2019 00:11:20 UTC-7, Константин Комков wrote:

As I understand entrant came on foot and take to operator personal data. After that I know entrants email and can generate link for it. Yes?

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to a topic in the Google Groups "web2py-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/s-H7ExPpVAI/unsubscribe.

To unsubscribe from this group and all its topics, send an email to web...@googlegroups.com.

[Константин Комков]

Dave S, hello!

1) When I told entrant I want to say person, who want to study in university and involve in competition, maybe applicant is more correct.

2) Applicants can choose to apply online and in person. For person, who choose to apply online I created form with password (here applicant must have email). After operator(moderator) check application, applicant can login in personal cabinet.

3) Yes, If applicant don't have email it can registrate it with operator (in person).

4) No

5,6,7) Yes, there are table with operator, computer with internet, multi-function printer and place for applicant.