Django snippets: web-key: Base64 Shared Secret for Access Control

class Foo(models.Model):
    secret = models.CharField(max_length=12, blank=True, editable=False)

    def generateSecret(self):
        s = struct.pack('L', random.getrandbits(32))
        s += struct.pack('L', random.getrandbits(32))
        s += struct.pack('L', random.getrandbits(8))
        self.secret = base64.urlsafe_b64encode(s[0:9])
        self.save()

More like this

Sign a string using SHA1, then shrink it using url-safe base65 by simon 4 years, 8 months ago
Truncate HTML without breaking tags by olau 4 years ago
Securely Signed S3 Links With Expiration by pjs 4 years, 6 months ago
User groups template tag by davea 1 year, 7 months ago
Controller Class for Views by jovialbard 1 month ago

At the Internet Identity Workshop in May, 2009, I spoke to Alan Karp and Tyler Close of HP Labs about their research on authorization without identity. Here are my Delicious links on the subject.

This led me to write code to generate a "web-key," the shared secret needed to implement the access control method discussed.

In his paper, Tyler Close recommends 70 bits for the shared secret, encoded as a 13-character Base32 string. I used 72 bits, so the secret is a 12-character, URL-safe Base64 string without padding characters.

I'm new to Python and Django, so I welcome refinements!

Author:: sbw
Posted:: May 27, 2009
Language:: Python
Django Version:: 1.0
Tags:: password web-key webkey zbac access-control
Score:: -1 (after 1 ratings)

Django snippets

web-key: Base64 Shared Secret for Access Control

More like this

Tools

Comments

Snippets

About