misc updates

============
* wrote up info about sha-crypt deviations from spec
* split sha crypt backends into separate function
* sha crypt now checks if os crypt supports $5$ and $6$, and uses them instead of pure python backend
* md5 crypt backend split into separate function
* added support for apache variant of md5 crypt ("apr-md5-crypt", in same file)
* handler: _norm_salt can now handle min_salt_chars=0
* handler: _norm_salt has validate code split into separate method (for sha crypt)

1 files changed, 29 insertions, 0 deletions

diff --git a/docs/notes.txt b/docs/notes.txt
index 7436a3b..0a1fe7a 100644
--- a/docs/notes.txt
+++ b/docs/notes.txt
@@ -169,3 +169,32 @@ optional public methods
         and returns resulting hash.
 
         should generally act as the inverse of parse().
+
+======================================================================
+info about upgrade policy scheme, and sun-md5 ref...
+    http://www.cuddletech.com/blog/pivot/entry.php?id=778
+
+some sample hashes all using "passwd", including sunmd5
+    http://compgroups.net/comp.unix.solaris/password-file-in-linux-and-solaris-8-9
+
+nt-hash
+    md4.new(passwd.encode('utf-16le')).hexdigest().upper()
+
+    mygreatpasswd
+    CFACF72F5EB60EA15F89E3AF66732545
+
+    http://www.faqs.org/rfcs/rfc1320.html
+
+    $3$hash
+
+
+http://search.cpan.org/~zefram/Authen-Passphrase-0.007/lib/Authen/Passphrase.pm
+======================================================================
+
+policy file format
+
+[passlib.policy]
+des-crypt:decpreated = true
+sha512-crypt:default-rounds = 40000
+sha512-crypt:min-rounds = 30000
+sha512-crypt:max-rounds = 50000