summaryrefslogtreecommitdiff
path: root/Lib/crypt.py
diff options
context:
space:
mode:
Diffstat (limited to 'Lib/crypt.py')
-rw-r--r--Lib/crypt.py46
1 files changed, 34 insertions, 12 deletions
diff --git a/Lib/crypt.py b/Lib/crypt.py
index fbc5f4cc35..4d73202b46 100644
--- a/Lib/crypt.py
+++ b/Lib/crypt.py
@@ -19,7 +19,7 @@ class _Method(_namedtuple('_Method', 'name ident salt_chars total_size')):
return '<crypt.METHOD_{}>'.format(self.name)
-def mksalt(method=None):
+def mksalt(method=None, *, log_rounds=12):
"""Generate a salt for the specified method.
If not specified, the strongest available method will be used.
@@ -27,7 +27,12 @@ def mksalt(method=None):
"""
if method is None:
method = methods[0]
- s = '${}$'.format(method.ident) if method.ident else ''
+ if not method.ident:
+ s = ''
+ elif method.ident[0] == '2':
+ s = f'${method.ident}${log_rounds:02d}$'
+ else:
+ s = f'${method.ident}$'
s += ''.join(_sr.choice(_saltchars) for char in range(method.salt_chars))
return s
@@ -48,14 +53,31 @@ def crypt(word, salt=None):
# available salting/crypto methods
-METHOD_CRYPT = _Method('CRYPT', None, 2, 13)
-METHOD_MD5 = _Method('MD5', '1', 8, 34)
-METHOD_SHA256 = _Method('SHA256', '5', 16, 63)
-METHOD_SHA512 = _Method('SHA512', '6', 16, 106)
-
methods = []
-for _method in (METHOD_SHA512, METHOD_SHA256, METHOD_MD5, METHOD_CRYPT):
- _result = crypt('', _method)
- if _result and len(_result) == _method.total_size:
- methods.append(_method)
-del _result, _method
+
+def _add_method(name, *args):
+ method = _Method(name, *args)
+ globals()['METHOD_' + name] = method
+ salt = mksalt(method, log_rounds=4)
+ result = crypt('', salt)
+ if result and len(result) == method.total_size:
+ methods.append(method)
+ return True
+ return False
+
+_add_method('SHA512', '6', 16, 106)
+_add_method('SHA256', '5', 16, 63)
+
+# Choose the strongest supported version of Blowfish hashing.
+# Early versions have flaws. Version 'a' fixes flaws of
+# the initial implementation, 'b' fixes flaws of 'a'.
+# 'y' is the same as 'b', for compatibility
+# with openwall crypt_blowfish.
+for _v in 'b', 'y', 'a', '':
+ if _add_method('BLOWFISH', '2' + _v, 22, 59 + len(_v)):
+ break
+
+_add_method('MD5', '1', 8, 34)
+_add_method('CRYPT', None, 2, 13)
+
+del _v, _add_method