On Wed, Nov 07, 2012 at 04:24:11PM -0200, Luiz Henrique de Figueiredo wrote:
> > I'm working on a web framework for Lua and I want to implement some sort of
> > functionality that allows passwords to be verified without them ever
> > actually being used in Lua, so they aren't interned then forever stored in
> > memory.
> 
> Store a digest of each password instead of the password itself.
> Send passwords to Lua as numbers (i.e. the raw bytes).
> In Lua convert each byte to a single-char string and update a digest.
> At the end compare the computed digest with the stored digest.
> My md5 library supports several digests and supports updates.

I am using bcrypt, which doesn't support incremental hashing; however,
automatically hashing marked fields (fields whose name begins with a dot,
etc.) is neat and doable, since getting POST values from libevent needs
some C intervention anyway.

Thanks!
Mike
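
The marked-field idea from the message above, sketched as an added example that is not code from the post or from any project it mentions: values of fields whose name begins with a dot are replaced by a digest and the plaintext is wiped on the C side, before anything becomes a Lua string. `struct field`, `hash_fn` and `hash_marked_fields` are hypothetical names, and `demo_hash` is a constructed, non-cryptographic stand-in for the bcrypt call.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define VALUE_MAX 64
/* Hypothetical decoded POST field; not libevent's own type. */
struct field {
    const char *name;
    char value[VALUE_MAX];   /* plaintext in, digest out */
};

/* Assumed hook: writes a NUL-terminated digest of pw into out, returns 0 on
 * success. In the setup described in the post this would wrap bcrypt. */
typedef int (*hash_fn)(const char *pw, char *out, size_t outlen);
/* Constructed stand-in so the block runs offline. NOT a password hash. */
static int demo_hash(const char *pw, char *out, size_t outlen) {
    unsigned long h = 5381;
    while (*pw) h = h * 33 + (unsigned char)*pw++;
    return snprintf(out, outlen, "demo$%08lx", h & 0xffffffffUL) < 0;
}
/* memset() on a buffer never read again may be optimized away; volatile writes stay. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Replace the value of every field whose name starts with '.' by its digest.
 * Returns the number of fields hashed, or -1 if hashing failed. */
int hash_marked_fields(struct field *f, size_t n, hash_fn hash) {
    int done = 0;
    for (size_t i = 0; i < n; i++) {
        if (f[i].name[0] != '.') continue;
        char digest[VALUE_MAX] = {0};
        int rc = hash(f[i].value, digest, sizeof digest);
        wipe(f[i].value, sizeof f[i].value);  /* plaintext gone either way */
        if (rc == 0) memcpy(f[i].value, digest, sizeof digest);
        wipe(digest, sizeof digest);
        if (rc != 0) return -1;
        done++;
    }
    return done;
}

int main(void) {
    struct field f[] = { {"user", "mike"}, {".password", "hunter2"} }; /* constructed */
    int n = hash_marked_fields(f, 2, demo_hash);
    printf("%d hashed: %s=%s\n", n, f[1].name, f[1].value);
    return n == 1 ? 0 : 1;
}
```

Only the fields returned by `hash_marked_fields` would then be handed to Lua, so the interned strings hold digests rather than passwords.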