• Home
  • Solutions
    • Corporate applications
    • Knowledge engineering
    • Mobile web
    • References
  • About us
    • Philosophy
    • Life at Yaco
    • Join the team
  • Community
    • News
    • Projects
    • Contributions
  • Products
    • yaco.contents
    • yaco.commerce
    • yaco.social
    • yaco.socialcare
    • yaco.tourism
    • Modules
  • Clients Area
  • Contact us
  • Language
follow us in Facebook twitter blog
General Linux Python blog caching databases debugging django djangocon geodjango inauguracion jacobkaplanmoss misscripts opensource orm postgresql projects python security software yaco
Yaco on Facebook
border image
Join us
Join us

Life at Yaco

Contribuimos a:
morfeo django plone
  • cryptography
  • < go back to channels

Timing attack in Google Keyczar library

Blog de Simon Willison Posted on January 4, 2010

Timing attack in Google Keyczar library. An issue I also need to fix in the proposed Django signing code. If you’re comparing two strings in crypto (e.g. seeing if the provided signature matches the expected signature) you need to use a timing independent string comparison function or you risk leaking information. This kind of thing is exactly why ...

cryptography django keyczar python security signing timingattack
external link Read More

Design and code review requested for Django string signing / signed cookies

Blog de Simon Willison Posted on January 4, 2010

Design and code review requested for Django string signing / signed cookies. Do you know your way around web app security and cryptography (in particular signing things using hmac and sha1)? We’d appreciate your help reviewing the usage of these concepts in Django’s proposed string signing and signed cookie implementations.

codereview cryptography django hashing hmac python security sha1
external link Read More

Django ponies: Proposals for Django 1.2

Blog de Simon Willison Posted on September 29, 2009

I’ve decided to step up my involvement in Django development in the run-up to Django 1.2, so I’m currently going through several years worth of accumulated pony requests figuring out which ones are worth advocating for. I’m also ensuring I have the code to back them up—my innocent AutoEscaping proposal a few years ago resulted ...

cookies cryptography csrf django html logging lukeplant markup ponies projects python security signedcookies signing xhtml
external link Read More

Adding signing (and signed cookies) to Django core

Blog de Simon Willison Posted on September 24, 2009

Adding signing (and signed cookies) to Django core. I’ve been increasing my participation in Django recently—here’s my proposal for adding signing and signed cookies to Django, which I’d personally like to see ship as part of Django 1.2.

cookies cryptography django security signedcookies signing
external link Read More

Django snippets: Sign a string using SHA1, then shrink it using url-safe base65

Blog de Simon Willison Posted on August 27, 2008

Django snippets: Sign a string using SHA1, then shrink it using url-safe base65. I needed a way to create tamper-proof URLs and cookies by signing them, but didn’t want the overhead of a full 40 character SHA1 hash. After some experimentation, it turns out you can knock a 40 char hash down to 27 characters by encoding it using ...

base65 cookies cryptography django djangosnippets hashes python security sha1 signedcookies urls
external link Read More
Copyright © Yaco Sistemas S.L. All rights reserved | General Terms