summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEli Collins <elic@assurancetechnologies.com>2012-06-27 15:58:17 -0400
committerEli Collins <elic@assurancetechnologies.com>2012-06-27 15:58:17 -0400
commit7992e8ed13059859a0b17d9569a8081763df645f (patch)
tree4c76f98a32dab6e2dabb71dd068c1d7064c0d68d
parent9240ba7bdc000be61a7a1d4cea8df1866e19bfd4 (diff)
downloadpasslib-7992e8ed13059859a0b17d9569a8081763df645f.tar.gz
md5_crypt deprecated by author, updated docs accordingly
-rw-r--r--CHANGES2
-rw-r--r--docs/lib/passlib.hash.apr_md5_crypt.rst11
-rw-r--r--docs/lib/passlib.hash.md5_crypt.rst25
-rw-r--r--passlib/apache.py6
-rw-r--r--passlib/handlers/md5_crypt.py7
5 files changed, 39 insertions, 12 deletions
diff --git a/CHANGES b/CHANGES
index 592758f..433deb2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -15,6 +15,8 @@ Release History
* Fixed bug in passlib.apache unittest which caused test to fail
if filesystem had mtime resolution >= 1 second (:issue:`35`).
+ * Various documentation updates and corrections.
+
**1.6** (2012-05-01)
====================
diff --git a/docs/lib/passlib.hash.apr_md5_crypt.rst b/docs/lib/passlib.hash.apr_md5_crypt.rst
index c441765..883f44e 100644
--- a/docs/lib/passlib.hash.apr_md5_crypt.rst
+++ b/docs/lib/passlib.hash.apr_md5_crypt.rst
@@ -4,12 +4,17 @@
:class:`passlib.hash.apr_md5_crypt` - Apache's MD5-Crypt variant
======================================================================
+.. warning::
+
+ As of 2012-6-7, the MD5-Crypt algorithm is "no longer considered safe"
+ by it's author, who urges migration to newer hash algorithms.
+
.. currentmodule:: passlib.hash
-This format is a variation of :class:`~passlib.hash.md5_crypt`,
+This hash is a variation of :class:`~passlib.hash.md5_crypt`,
primarily used by the Apache webserver in ``htpasswd`` files.
-It contains only minor changes to the md5-crypt algorithm,
-and should be considered just as strong / weak as md5-crypt itself.
+It contains only minor changes to the MD5-Crypt algorithm,
+and should be considered just as weak as MD5-Crypt itself.
.. seealso::
diff --git a/docs/lib/passlib.hash.md5_crypt.rst b/docs/lib/passlib.hash.md5_crypt.rst
index fefae6b..e10afcc 100644
--- a/docs/lib/passlib.hash.md5_crypt.rst
+++ b/docs/lib/passlib.hash.md5_crypt.rst
@@ -4,17 +4,25 @@
:class:`passlib.hash.md5_crypt` - MD5 Crypt
==================================================================
+.. warning::
+
+ As of 2012-6-7, this algorithm is "no longer considered safe"
+ by it's author [#phk]_, citing the increased
+ speed of the MD5 hash on modern hardware, and MD5-Crypt's
+ lack of a variable time-cost parameter. See Passlib's
+ :ref:`recommended hashes <recommended-hashes>` for a replacement.
+
.. currentmodule:: passlib.hash
This algorithm was developed for FreeBSD in 1994 by Poul-Henning Kamp,
to replace the aging :class:`passlib.hash.des_crypt`.
It has since been adopted by a wide variety of other Unix flavors, and is found
in many other contexts as well. Due to it's origins, it's sometimes referred to as "FreeBSD MD5 Crypt".
-Security-wise it is considered to be steadily weakening (due to fixed cost),
-and most unix flavors have since replaced with with stronger schemes,
-such as :class:`~passlib.hash.sha512_crypt` and :class:`~passlib.hash.bcrypt`.
+Security-wise it should now be considered weak,
+and most Unix flavors have since replaced it with stronger schemes
+(such as :class:`~passlib.hash.sha512_crypt` and :class:`~passlib.hash.bcrypt`).
-This is also referred to under Cisco IOS systems as a "type 5" hash.
+This is also referred to on Cisco IOS systems as a "type 5" hash.
The format and algorithm are identical, though Cisco seems to require
4 salt characters instead of the full 8 characters
used by most systems [#cisco]_.
@@ -150,15 +158,14 @@ The MD5-Crypt algorithm [#f1]_ calculates a checksum as follows:
Security Issues
===============
-MD5-Crypt has a couple of issues which have weakened it,
-though it is not yet considered broken:
+MD5-Crypt has a couple of issues which have weakened severely:
* It relies on the MD5 message digest, for which theoretical pre-image attacks exist [#f2]_.
However, not only is this attack still only theoretical, but none of MD5's weaknesses
have been show to affect MD5-Crypt's security.
-* The fixed number of rounds, combined with the availability
- of high-throughput MD5 implementations, means this algorithm
+* More seriously, it's fixed number of rounds (combined with the availability
+ of high-throughput MD5 implementations) means this algorithm
is increasingly vulnerable to brute force attacks.
It is this issue which has motivated it's replacement
by new algorithms such as :class:`~passlib.hash.bcrypt`
@@ -203,3 +210,5 @@ Passlib's implementation of md5-crypt differs from the reference implementation
.. [#cisco] Note about Cisco Type 5 salt size -
`<http://serverfault.com/a/46399>`_.
+
+.. [#phk] Deprecation Announcement from Poul-Henning Kamp - `<http://phk.freebsd.dk/sagas/md5crypt_eol.html>`_.
diff --git a/passlib/apache.py b/passlib/apache.py
index ce4dbb9..e985667 100644
--- a/passlib/apache.py
+++ b/passlib/apache.py
@@ -372,7 +372,11 @@ class _CommonFile(object):
#=========================================================
# FIXME: apr_md5_crypt technically the default only for windows, netware and tpf.
-# TODO: find out if htpasswd's "crypt" mode is crypt *call* or just des_crypt implementation.
+# TODO: find out if htpasswd's "crypt" mode is a crypt() *call* or just des_crypt implementation.
+# if the former, we can support anything supported by passlib.hosts.host_context,
+# allowing more secure hashes than apr_md5_crypt to be used.
+# could perhaps add this behavior as an option to the constructor.
+# c.f. http://httpd.apache.org/docs/2.2/programs/htpasswd.html
htpasswd_context = CryptContext([
"apr_md5_crypt", # man page notes supported everywhere, default on Windows, Netware, TPF
"des_crypt", # man page notes server does NOT support this on Windows, Netware, TPF
diff --git a/passlib/handlers/md5_crypt.py b/passlib/handlers/md5_crypt.py
index 6832dcf..ec8c773 100644
--- a/passlib/handlers/md5_crypt.py
+++ b/passlib/handlers/md5_crypt.py
@@ -237,6 +237,13 @@ class md5_crypt(uh.HasManyBackends, _MD5_Common):
If not specified, one will be autogenerated (this is recommended).
If specified, it must be 0-8 characters, drawn from the regexp range ``[./0-9A-Za-z]``.
+ :type salt_size: int
+ :param salt_size:
+ Optional number of characters to use when autogenerating new salts.
+ Defaults to 8, but can be any value between 0 and 8.
+ (This is mainly needed when generating Cisco-compatible hashes,
+ which require ``salt_size=4``).
+
:type relaxed: bool
:param relaxed:
By default, providing an invalid value for one of the other