search

glic3rinu / passlib

Automatically exported from code.google.com/p/passlib
Other
15 stars 3 forks source link

django_des_crypt has wrong salt_chars #22

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
As reported by David Eyk <david.eyk@gmail.com>, the following django_des_crypt  
hash gets rejected:

> Password: foo
> Salt: MN
> Hash: crypt$MNVY.9ajgdvDQ$MNVY.9ajgdvDQ

It looks like (as of v1.5) that django_des_crypt has the wrong salt_chars value 
- it inherited the value LC_HEX_CHARS from the other django hashes, when it 
should have been set to H64_CHARS. A fix should be simple, and the above hash 
added as a test vector, but a more thorough review of the django hashes should 
be done first to ensure nothing else slipped through before the bugfix is 
released. 

In the meantime, the following monkeypatch fixes the issue:

     from passlib.utils.handlers import H64_CHARS
     from passlib.hash import django_des_crypt
     django_des_crypt.salt_chars = H64_CHARS

Original issue reported on code.google.com by elic@astllc.org on 10 Sep 2011 at 5:22

GoogleCodeExporter commented 9 years ago

Original comment by elic@astllc.org on 20 Sep 2011 at 2:29