djeraseit / passlib

Automatically exported from code.google.com/p/passlib

support SASLprep in CryptContext #24

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Passlib currently takes in whatever unicode sequence is offered, and hashes it.
However, there are unicode normalization issues, non-printing code points (eg SHY)
that should be discarded, and many other things which might cause problems
reproducing the correct hash from differing user input.

SASL has already addressed this problem via the SASL stringprep profile -
https://tools.ietf.org/html/rfc4013 - this provides a well-thought-out unicode
normalization policy to prepare passwords for hashing.

It would be good to integrate this into passlib, but it would have to be done
in a way that wouldn't impact existing hashes and deployments, which may be
relying on other policies. One possible way would be to add a 'stringprep'
option to CryptContext, and let it take care of preparing passwords before
hashing them.

Original issue reported on code.google.com by elic@astllc.org on 30 Sep 2011 at 9:35

GoogleCodeExporter commented 9 years ago
r5a70b368c40a adds this feature, selectable via the per-scheme 'passprep' 
policy option. will be included in the 1.6 release.

Original comment by elic@astllc.org on 2 Jan 2012 at 7:25

GoogleCodeExporter commented 9 years ago
I decided the implementation of the feature was half-baked...

* the config interface was too flexible in useless ways
* the simple case was hard to enable
* the whole codebase needs to mess with per-hash 'encoding' kwds, which it 
doesn't.
* it would also need to mesh with context-wide encoding policies when/if those
are added.

Given all that, removed the CryptContext integration for saslprep until another 
release. The passlib.utils.saslprep() function will still be there for 
applications to use on their own, though.

Original comment by elic@astllc.org on 27 Apr 2012 at 4:19
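Added example, not passlib's own code (passlib ships its version as passlib.utils.saslprep()): a direct implementation of the RFC 4013 profile the original report points at, built on Python's standard stringprep and unicodedata modules. It shows why the normalization matters for hashing: SOFT HYPHEN is dropped, composed and decomposed forms collapse to one string, and prohibited or mixed-direction input is rejected instead of being hashed as an ambiguous byte sequence.

```python
import stringprep
import unicodedata


def saslprep(source: str, allow_unassigned: bool = False) -> str:
    """RFC 4013 SASLprep. Raises ValueError on prohibited input."""
    # Step 1 (RFC 4013 s2.1): map non-ASCII spaces (C.1.2) to U+0020 and
    # drop the "commonly mapped to nothing" characters (B.1), e.g. SOFT HYPHEN.
    mapped = []
    for ch in source:
        if stringprep.in_table_c12(ch):
            mapped.append(" ")
        elif not stringprep.in_table_b1(ch):
            mapped.append(ch)

    # Step 2 (s2.2): NFKC, so composed/decomposed forms and compatibility
    # characters (e.g. ROMAN NUMERAL NINE -> "IX") collapse to one form.
    normalized = unicodedata.normalize("NFKC", "".join(mapped))

    # Step 3 (s2.3): reject prohibited output. C.1.2 is checked again because
    # NFKC can produce characters that were not present before mapping.
    prohibited = (
        stringprep.in_table_c12, stringprep.in_table_c21_c22,
        stringprep.in_table_c3, stringprep.in_table_c4, stringprep.in_table_c5,
        stringprep.in_table_c6, stringprep.in_table_c7, stringprep.in_table_c8,
        stringprep.in_table_c9,
    )
    for ch in normalized:
        if any(check(ch) for check in prohibited):
            raise ValueError("prohibited code point U+%04X" % ord(ch))
        # Unassigned code points (A.1) are forbidden in stored strings (s2.5).
        if not allow_unassigned and stringprep.in_table_a1(ch):
            raise ValueError("unassigned code point U+%04X" % ord(ch))

    # Step 4 (s2.4): bidi rules from RFC 3454 s6. If any RandALCat character
    # is present, no LCat character may appear, and the string must start
    # and end with a RandALCat character.
    if any(stringprep.in_table_d1(ch) for ch in normalized):
        if any(stringprep.in_table_d2(ch) for ch in normalized):
            raise ValueError("mixed right-to-left and left-to-right text")
        if not (stringprep.in_table_d1(normalized[0])
                and stringprep.in_table_d1(normalized[-1])):
            raise ValueError("RTL string must start and end with RandALCat")
    return normalized
```

Feeding `saslprep(password).encode("utf-8")` to the hash, rather than the raw input, is what makes "café" typed as a composed or a decomposed sequence verify against the same stored hash.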