[Twisted-Python] PB and hashed passwords

Stephen Waterbury golux at comcast.net
Fri Apr 23 02:25:25 EDT 2004


Stephen Waterbury wrote:

> The point of storing it on the server side as an md5 hash
> is that even if someone breaks in and steals the md5 hash
> of the passwd, they can't reverse the hash to get the
> cleartext passwd, and so they can't get in (since the
> checker checks the cleartext passwd [which came in over
> an encrypted channel] against the md5 hash).

The bottom line:  md5 hashes are not a substitute
for an encrypted channel (e.g. SSL);  they are only
useful for encrypted storage and digital signatures.
(At least that's my understanding. :)

- Steve
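
Added example (not part of the original post, and not Twisted's own code): a minimal checker of the kind described above, which stores only md5 hashes and hashes the cleartext it receives before comparing, so a stolen hash submitted as the password is rejected. `HashedPasswordChecker`, its methods and the sample account are hypothetical; md5 is used only because it is the hash the post discusses.

```python
import hashlib
import hmac


def md5_hex(cleartext: str) -> str:
    """Return the md5 hex digest stored in place of the password."""
    return hashlib.md5(cleartext.encode("utf-8")).hexdigest()


class HashedPasswordChecker:
    """Hypothetical checker: keeps only hashes, expects cleartext from the client."""

    def __init__(self):
        self._hashes = {}  # username -> md5 hex digest

    def add_user(self, username: str, cleartext: str) -> None:
        self._hashes[username] = md5_hex(cleartext)

    def stored_hash(self, username: str) -> str:
        # Stands in for what someone reading the password store would see.
        return self._hashes[username]

    def check(self, username: str, submitted: str) -> bool:
        # Always hash what arrived; the submitted value is never compared raw.
        candidate = md5_hex(submitted)
        stored = self._hashes.get(username)
        if stored is None:
            return False
        # Constant-time comparison of the two hex digests.
        return hmac.compare_digest(candidate, stored)


def demo() -> dict:
    checker = HashedPasswordChecker()
    checker.add_user("alice", "correct horse")  # constructed sample account
    stolen = checker.stored_hash("alice")
    return {
        "cleartext_accepted": checker.check("alice", "correct horse"),
        # The hash itself is hashed again on arrival, so it does not match.
        "stolen_hash_rejected": not checker.check("alice", stolen),
        "wrong_password_rejected": not checker.check("alice", "guess"),
        "unknown_user_rejected": not checker.check("bob", "correct horse"),
    }


if __name__ == "__main__":
    print(demo())
```

The cleartext still has to reach `check()` over an encrypted channel, which is the point of the post: the hash protects the stored copy, not the password in transit.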



