[Tutor] CGI problem.
mark.kels at gmail.com
Sun Nov 7 14:05:01 CET 2004
On Sat, 06 Nov 2004 16:44:59 -0500, Lloyd Kvam <pythontutor at venix.com> wrote:
> On Sat, 2004-11-06 at 14:51, Mark Kels wrote:
> > On Sat, 06 Nov 2004 14:20:52 -0500, Lloyd Kvam <pythontutor at venix.com> wrote:
> > > My guess is that you have a trailing \n on the password that you read
> > > from the file. I believe that the md5 digest is 16 characters, but you
> > > can double check that easily. If that's true then
> > > filepass = filepass[:16]
> > > would extract the digest.
> > >
> > > This avoids any kind of issues with line marks between different
> > > operating systems.
> > >
> > > One other point. It is best to have a secret seed value that is used in
> > > conjunction with the user password when computing the digest. This
> > > makes it harder to mount a dictionary attack against a copy of the
> > > password file. You are still vulnerable to on-line dictionary attacks
> > > since your script "knows" the seed. In actual practice someone who
> > > obtained the password file would often have also been able to obtain
> > > your secret seed value.
> > I'm sorry, but I didn't understand what you just wrote... (maybe because
> > of my English, and maybe because of my little knowledge about this
> > subject).
> your code was something like:
> filepass = passwordfile.readline()
> The '\n' (new-line) character is part of the data read in from the
> file. So, filepass contains the MD5 digest along with the character
> that marks the end of the line in the file. Since the MD5 digest is 16
> bytes long, you can extract the digest from the line you just read in by
> filepass = filepass[:16]
> This takes the first 16 characters from the line and saves it using the
> same name as was used originally to save the whole line. I hope this is
> I do not have any simple links covering security in program design.
> Bruce Schneier has written books about security. The ACM (Association
> for Computer Machinery) also has security information and courses.
> You would need to join to take advantage of much of their material.
> > Can you please fix my code so I'll understand what was the mistake?
> > And BTW, this encryption thing security thing is kind of interesting...
> > I'll be glad if you will send me a link or two about this subject
> > (not too complex, and related to Python).
> > Thank you very much!!
> Lloyd Kvam
> Venix Corp
Thank you, now I understand it...
But it doesn't work.
First, I got 49 characters and not 16 in the hash
But, anyway, It doesn't help me...
I think the problem is to hash the user input (I get ��饇�&�R�=��F�E,
and not the real hash).
More ideas ?
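
An added example, not part of the original thread: it shows the two mismatches discussed above, a stored line that still carries its newline and the raw 16-byte digest() versus the printable hexdigest(), along with the secret seed. It uses Python 3's hashlib rather than the 2004 md5 module; the seed value, the password and all function names are constructed for illustration.

```python
import hashlib
import hmac
import io

SEED = b"constructed-seed-value"  # hypothetical secret seed, kept outside the password file


def _hexdigest(password):
    # MD5 only because the thread uses it; a current design would use a slow KDF
    # such as hashlib.pbkdf2_hmac or hashlib.scrypt.
    return hashlib.md5(SEED + password.encode("utf-8")).hexdigest()


def make_record(password):
    """Line as written to the password file: 32 hex characters plus a newline."""
    return _hexdigest(password) + "\n"


def naive_check(candidate, stored_line):
    """Failing comparison: stored_line still carries its line ending."""
    return _hexdigest(candidate) == stored_line


def check_password(candidate, stored_line):
    """Strip the line ending, then compare in constant time."""
    stored = stored_line.strip().encode("ascii", "replace")
    return hmac.compare_digest(_hexdigest(candidate).encode("ascii"), stored)


def digest_lengths(password):
    """(raw bytes, hex characters): digest() is binary, hexdigest() is printable."""
    h = hashlib.md5(password.encode("utf-8"))
    return len(h.digest()), len(h.hexdigest())


if __name__ == "__main__":
    passwordfile = io.StringIO(make_record("s3cret"))  # constructed stand-in for the file
    line = passwordfile.readline()
    print(digest_lengths("s3cret"))
    print(naive_check("s3cret", line))
    print(check_password("s3cret", line))
```
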