Clarified documentation on fake_login_attempt and restored bcrypt import
authorChristopher Allan Webber <cwebber@dustycloud.org>
Sun, 3 Apr 2011 21:37:15 +0000 (16:37 -0500)
committerChristopher Allan Webber <cwebber@dustycloud.org>
Sun, 3 Apr 2011 21:37:15 +0000 (16:37 -0500)
mediagoblin/auth/lib.py

index 5db4982b3d361202db97d55cdc79c5eebae21129..907ba2001fae9920ae3a0b0e7aadb1b2e180cfb8 100644 (file)
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 import os
-
 import random
 
+import bcrypt
+
 
 def bcrypt_check_password(raw_pass, stored_hash, extra_salt=None):
     """
@@ -71,7 +72,9 @@ def fake_login_attempt():
     Pretend we're trying to login.
 
     Nothing actually happens here, we're just trying to take up some
-    time.
+    time, approximately the same amount of time as
+    bcrypt_check_password, so as to avoid figuring out what users are
+    on the system by intentionally faking logins a bunch of times.
     """
     rand_salt = bcrypt.gensalt(5)
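Review bot: The added docstring lines promise that fake_login_attempt takes about as long as bcrypt_check_password, but the only cost parameter visible is the hard-coded `bcrypt.gensalt(5)` on the line after the docstring. If stored hashes are ever created with a different work factor, the real and fake paths will take measurably different times, and the username-enumeration signal the docstring is meant to hide returns. The rest of the function body is outside the visible lines, so this is inferred; I would take the cost on both paths from one shared module-level constant and name that constant in the docstring. The wording could also state the goal directly, for example `time, approximately as long as bcrypt_check_password takes, so that response timing does not reveal which usernames exist.`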