Clarified documentation on fake_login_attempt and restored bcrypt import

author: Christopher Allan Webber <cwebber@dustycloud.org> 2011-04-03 16:37:15 -0500
committer: Christopher Allan Webber <cwebber@dustycloud.org> 2011-04-03 16:37:15 -0500
commit: 51479a1d22a15744fecb8eddb367ab1a8dce8328 (patch)
tree: 2df8ac8cf077b80f5d685efded68333df4e7a761 /mediagoblin/auth/lib.py
parent: 692fd1c981afcfb75fdebe9018d5a63d6e94e461 (diff)
download: mediagoblin-51479a1d22a15744fecb8eddb367ab1a8dce8328.tar.lz
mediagoblin-51479a1d22a15744fecb8eddb367ab1a8dce8328.tar.xz
mediagoblin-51479a1d22a15744fecb8eddb367ab1a8dce8328.zip
1 files changed, 5 insertions, 2 deletions
diff --git a/mediagoblin/auth/lib.py b/mediagoblin/auth/lib.py
index 5db4982b..907ba200 100644
--- a/mediagoblin/auth/lib.py
+++ b/mediagoblin/auth/lib.py
@@ -15,9 +15,10 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 import os
-
 import random
 
+import bcrypt
+
 
 def bcrypt_check_password(raw_pass, stored_hash, extra_salt=None):
     """
@@ -71,7 +72,9 @@ def fake_login_attempt():
     Pretend we're trying to login.
 
     Nothing actually happens here, we're just trying to take up some
-    time.
+    time, approximately the same amount of time as
+    bcrypt_check_password, so as to avoid figuring out what users are
+    on the system by intentionally faking logins a bunch of times.
     """
     rand_salt = bcrypt.gensalt(5)
author	Christopher Allan Webber <cwebber@dustycloud.org>	2011-04-03 16:37:15 -0500
committer	Christopher Allan Webber <cwebber@dustycloud.org>	2011-04-03 16:37:15 -0500
commit	51479a1d22a15744fecb8eddb367ab1a8dce8328 (patch)
tree	2df8ac8cf077b80f5d685efded68333df4e7a761 /mediagoblin/auth/lib.py
parent	692fd1c981afcfb75fdebe9018d5a63d6e94e461 (diff)
download	mediagoblin-51479a1d22a15744fecb8eddb367ab1a8dce8328.tar.lz mediagoblin-51479a1d22a15744fecb8eddb367ab1a8dce8328.tar.xz mediagoblin-51479a1d22a15744fecb8eddb367ab1a8dce8328.zip