[IPython-dev] pyzmq authentication
Jason Grout
jason-sage at creativetrax.com
Wed Jun 1 19:35:17 EDT 2011
On 6/1/11 6:04 PM, Jason Grout wrote:
> For example, we
> could send a hash of the concatenation of the shared secret and the
> content of the message.
Of course, as aptly stated by khrafra [1] and many others, it's always
better to use the prebuilt libraries to do signing. Here are two
standard modules that could do authentication:
Standard Python module: http://docs.python.org/library/hmac.html
Google Keyczar: http://www.keyczar.org/
Thanks,
Jason
[1]
http://www.reddit.com/r/netsec/comments/attt2/dont_hash_secrets/c0jdilj
: Haha.. you fool! You fell victim to one of the classic blunders. The
most famous is: Never get involved in a land war in Asia. But only
slightly less famous is this: Never attempt to roll your own crypto when
there's a well-tested library that'll do it better!
More information about the IPython-dev
mailing list