[ZODB-Dev] RFC: Proposal for AuthZEO (was SecureZEO one day)
Greg Ward
gward@mems-exchange.org
Thu, 16 Jan 2003 10:35:38 -0500
On 16 January 2003, Toby Dickenson said:
> > (i.e. what artifacts pickle and a python dictionary might
> > present upon digest).
>
> Can we rely on that pickle.dumps always producing the same output bytes across
> python versions? I'm not sure what would be more predictable yet equally
> easy.... repr?

Why not just concatenate the strings and hash that? String
concatenation certainly won't change across Python versions. ;-)

Alternately, take a look at the CRAM-MD5 authentication scheme used for
many email protocols (SMTP AUTH, POP, IMAP): ISTR that it concatenates
username+password, and then does some simple bit-twiddling on the result
before computing the hash. Not sure why they do it that way, but there
must be a reason. ;-) I think RFC 2104 is the definitive document; RFC
2195 looks a bit more touchy-feely and defines its use for POP and
IMAP; RFC 2554 explains it for SMTP.

Greg
--
Greg Ward - software developer gward@mems-exchange.org
MEMS Exchange http://www.mems-exchange.org
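
The two options discussed in this message, as an added example that is not part of the original post or of any ZEO code: the RFC 2195 CRAM-MD5 response with the RFC 2104 HMAC pad-and-XOR step written out by hand, next to plain concatenate-then-hash. The function names are illustrative; the user, secret and challenge are the ones from the example exchange in RFC 2195.

```python
import hashlib
import hmac

BLOCK = 64  # MD5 block size in bytes
# Challenge string from the example exchange in RFC 2195
CHALLENGE = "<1896.697170952@postoffice.reston.mci.net>"


def hmac_md5(key: bytes, msg: bytes) -> bytes:
    """RFC 2104 by hand: H((K ^ opad) || H((K ^ ipad) || msg))."""
    if len(key) > BLOCK:
        key = hashlib.md5(key).digest()   # over-long keys are hashed first
    key = key.ljust(BLOCK, b"\x00")       # then zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)   # inner pad
    opad = bytes(b ^ 0x5C for b in key)   # outer pad
    inner = hashlib.md5(ipad + msg).digest()
    return hashlib.md5(opad + inner).digest()


def cram_md5_response(user: str, secret: str, challenge: str) -> str:
    """Client side of RFC 2195: '<user> <hex HMAC-MD5(secret, challenge)>'."""
    digest = hmac_md5(secret.encode(), challenge.encode()).hex()
    return f"{user} {digest}"


def verify(response: str, secrets: dict, challenge: str) -> bool:
    """Server side: recompute from the stored secret, compare in constant time."""
    user, _, digest = response.rpartition(" ")
    secret = secrets.get(user)
    if secret is None:
        return False
    expected = hmac_md5(secret.encode(), challenge.encode()).hex()
    return hmac.compare_digest(expected.encode(), digest.encode())


def naive_digest(*fields: str) -> str:
    """Plain concatenate-then-hash: the boundaries between fields are lost."""
    return hashlib.md5("".join(fields).encode()).hexdigest()


if __name__ == "__main__":
    print(cram_md5_response("tim", "tanstaaftanstaaf", CHALLENGE))
    print(naive_digest("ab", "c") == naive_digest("a", "bc"))  # same digest
```

The secret never crosses the wire and a fresh server challenge makes each response single-use, while the last line shows why bare concatenation needs a delimiter or length prefix before hashing.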