As reported by David Eyk <david.eyk@gmail.com>, the following django_des_crypt
hash gets rejected:
> Password: foo
> Salt: MN
> Hash: crypt$MNVY.9ajgdvDQ$MNVY.9ajgdvDQ
It looks like (as of v1.5) that django_des_crypt has the wrong salt_chars value
- it inherited the value LC_HEX_CHARS from the other django hashes, when it
should have been set to H64_CHARS. A fix should be simple, and the above hash
added as a test vector, but a more thorough review of the django hashes should
be done first to ensure nothing else slipped through before the bugfix is
released.
In the meantime, the following monkeypatch fixes the issue:
from passlib.utils.handlers import H64_CHARS
from passlib.hash import django_des_crypt
django_des_crypt.salt_chars = H64_CHARS
Original issue reported on code.google.com by elic@astllc.org on 10 Sep 2011 at 5:22
Original issue reported on code.google.com by
elic@astllc.org
on 10 Sep 2011 at 5:22