[Twisted-Python] Getting my Cred interfaces right: IUsername(Hashed)?Password

Laurens Van Houtven _ at lvh.cc
Wed Nov 14 04:05:15 EST 2012


I'm trying to make sure that I have my cred interfaces right.

Users log in using a username and password. They provide these credentials
in plaintext (over a TLSd connection). The user password is stored using a
secure key derivation function (in casu, scrypt).

Currently I have this gumongous User object (an Axiom Item), and I'm trying
to split it up into parts. IIUC, the checker's checked interface should be
IUsernamePassword (that's already the case). However, the thing I adapt a
User to to check it should be an IUsernameHashedPassword, right?

In the end, I doubt this matters an awful lot, unless somebody ends up
implementing a IUsernameHashedPassword checker that is smart enough to read
both scrypt/bcrypt headers and /etc/shadow-style $-delimited entries.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://twistedmatrix.com/pipermail/twisted-python/attachments/20121114/9ab3169d/attachment.htm 

More information about the Twisted-Python mailing list