[Zope-dev] Salt-weakness in zope.app.authentication passwordmanagers?

Martijn Faassen faassen at startifact.com
Wed Jan 21 07:56:52 EST 2009


Shane Hathaway wrote:
[snip]
> Also, every encrypted password should have a scheme name prefix in curly 
> braces, such as "{SSHA}", as discussed earlier in this thread.  That 
> makes it possible to support multiple schemes in a single database, 
> which is essential for migration to new schemes.

+1

Regards,

Martijn



More information about the Zope-Dev mailing list