documentation tweaks

2 files changed, 39 insertions, 17 deletions

diff --git a/docs/notes.txt b/docs/notes.txt
index 0620e30..035e5e9 100644
--- a/docs/notes.txt
+++ b/docs/notes.txt
@@ -5,11 +5,10 @@ Todo
 Internal Changes
 ----------------
 * C extensions to speed up some implementations
+* py3k support
 
 Other Hash Formats
 ------------------
-* generic raw digests encoded as hex
-
 * FSHP (a pbkdf1 variant)
   https://github.com/bdd/fshp
 
@@ -22,16 +21,39 @@ Other Hash Formats
   http://www.tarsnap.com/scrypt.html
   https://bitbucket.org/mhallin/py-scrypt/src
 
-* Oracle Hashes
-  http://www.notesbit.com/index.php/scripts-oracle/oracle-11g-new-password-algorithm-is-revealed-by-seclistsorg/
+Notes on various hash formats
+=============================
+
+LDAP
+----
+still trying to verify if {CRYPT} can contain other formats besides des-crypt
+(eg, md5-crypt etc). see some references to {CRYPT}$1$
 
-* Any other PBKDF1/2 variants
-  some backend notes - http://www.di-mgt.com.au/cryptoKDFs.html
+this page http://www.ldapexplorer.com/en/manual/107070207-editor-password.htm
+has a longer list than some, but no sample hashes, so can't verify formats.
 
-* Check list of hashes on http://openwall.info/wiki/john/sample-hashes
+that page also implies some systems support variable length salts for SSHA etc.
+currently implementation is locked at 4 bytes.
 
-Notes on Mac OSX hash formats
-=============================
+Cisco PIX
+---------
+sample hashes found - http://www.freerainbowtables.com/phpBB3/viewtopic.php?f=2&t=1441
+
+  8Ry2YjIyt7RRXU24 ''
+  2KFQnbNIdI.2KYOU 'cisco'
+  hN7LzeyYjw12FSIU 'john'/'cisco'
+  7DrfeZ7cyOj/PslD 'jack'/'cisco'
+
+alg
+  secret+user
+  truncate/pad-right-null to 16 bytes
+  md5().digest()
+  h64 encode
+
+todo: get some samples w/ passwords longer than 16 chars to verify
+
+Mac OSX
+-------
 Summary of info from http://www.dribin.org/dave/blog/archives/2006/04/28/os_x_passwords_2/
 
 osx < 10.2 used /etc/passwd w/ DES-CRYPT
diff --git a/docs/password_hash_api.rst b/docs/password_hash_api.rst
index 99a9ed3..ae13035 100644
--- a/docs/password_hash_api.rst
+++ b/docs/password_hash_api.rst
@@ -21,13 +21,14 @@ The `required informational attributes`_
   allows and/or requires.
 
 The `application interface`_
-  This consists of the :meth:`~PasswordHash.encrypt`,
+  This interface consists of the :meth:`~PasswordHash.encrypt`,
   :meth:`~PasswordHash.identify`, and :meth:`~PasswordHash.verify` classmethods.
   Most applications will only need to make use of these methods.
 
 The `crypt interface`_
-  This consists of the :meth:`~PasswordHash.genconfig`,
-  :meth:`~PasswordHash.genhash`. This mimics the standard unix crypt interface,
+  This interface consists of the :meth:`~PasswordHash.genconfig`
+  and :meth:`~PasswordHash.genhash` classmethods.
+  This mimics the standard unix crypt interface,
   but is not usually needed by applications.
 
 The `optional informational attributes`_
@@ -192,10 +193,10 @@ which scheme a hash belongs to when multiple schemes are in use.
           this should rarely occur, since most modern algorithms have no limitations
           on the types of characters.
 
-    :raises TypeError: if :samp:`{secret}` is not a string
+    :raises TypeError: if :samp:`{secret}` is not a bytes or unicode instance.
 
     :returns:
-        Hash string, encoded in algorithm-specific format.
+        Hash string, using an algorithm-specific format.
 
 .. classmethod:: PasswordHash.identify(hash)
 
@@ -233,9 +234,7 @@ which scheme a hash belongs to when multiple schemes are in use.
         method. These should be limited to those listed
         in :attr:`~PasswordHash.context_kwds`.
 
-    :raises TypeError:
-
-        * if the secret is not a string.
+    :raises TypeError: if :samp:`{secret}` is not a bytes or unicode instance.
 
     :raises ValueError:
         * if the hash not specified
@@ -331,6 +330,7 @@ and :meth:`~PasswordHash.genhash()``.
     :raises TypeError:
         * if the configuration string is not provided
         * if required contextual information is not provided
+        * if :samp:`{secret}` is not a bytes or unicode instance.
 
     :raises ValueError:
         * if the configuration string is not in a recognized format.