diff options
Diffstat (limited to 'docs/lib')
| -rw-r--r-- | docs/lib/passlib.hash.hex_digests.rst | 7 | ||||
| -rw-r--r-- | docs/lib/passlib.hash.msdcc2.rst | 20 | ||||
| -rw-r--r-- | docs/lib/passlib.hash.mysql323.rst | 2 | ||||
| -rw-r--r-- | docs/lib/passlib.hash.pbkdf2_digest.rst | 4 | ||||
| -rw-r--r-- | docs/lib/passlib.registry.rst | 2 | ||||
| -rw-r--r-- | docs/lib/passlib.utils.des.rst | 2 | ||||
| -rw-r--r-- | docs/lib/passlib.utils.rst | 2 |
7 files changed, 31 insertions, 8 deletions
diff --git a/docs/lib/passlib.hash.hex_digests.rst b/docs/lib/passlib.hash.hex_digests.rst index 0f8f5fd..de13bca 100644 --- a/docs/lib/passlib.hash.hex_digests.rst +++ b/docs/lib/passlib.hash.hex_digests.rst @@ -37,6 +37,8 @@ and can be used directly as follows:: .. seealso:: the generic :ref:`PasswordHash usage examples <password-hash-examples>` +.. index:: virtualbox; passwordhash + Interface ========= .. class:: hex_md4() @@ -51,6 +53,11 @@ Interface They support no settings or other keywords. +.. note:: + + Oracle VirtualBox's :cmd:`VBoxManager internalcommands passwordhash` command + uses :class:`hex_sha256`. + Format & Algorithm ================== All of these classes just report the result of the specified digest, diff --git a/docs/lib/passlib.hash.msdcc2.rst b/docs/lib/passlib.hash.msdcc2.rst index f63f4a0..6cd99aa 100644 --- a/docs/lib/passlib.hash.msdcc2.rst +++ b/docs/lib/passlib.hash.msdcc2.rst @@ -13,7 +13,7 @@ This class implements the DCC2 (Domain Cached Credentials version 2) hash, used by Windows Vista and newer to cache and verify remote credentials when the relevant server is unavailable. It is known by a number of other names, including "mscache2" and "mscash2" (Microsoft CAched haSH). It replaces -the weaker :doc:`msdcc (v1)<passlib.hash.msdcc>` hash used by previous releases +the weaker :doc:`msdcc v1<passlib.hash.msdcc>` hash used by previous releases of Windows. Security wise it is not particularly weak, but due to it's use of the username as a salt, it should probably not be used for anything but verifying existing cached credentials. @@ -77,13 +77,29 @@ The digest is calculated as follows: Security Issues =============== -This hash is essentially DCC v1 with a fixed-round PBKDF2 function +This hash is essentially :doc:`msdcc v1 <passlib.hash.msdcc>` with a fixed-round PBKDF2 function wrapped around it. The number of rounds of PBKDF2 is currently sufficient to make this a semi-reasonable way to store passwords, but the use of the lowercase username as a salt, and the fact that the rounds can't be increased, means this hash is not particularly future-proof, and should not be used for new applications. +Deviations +========== + +* Max Password Size + + Windows appears to enforce a maximum password size, + but the actual value of this limit is unclear; sources + report it to be set at assorted values from 26 to 128 characters, + and it may in fact vary between Windows releases. + The one consistent peice of information is that + passwords above the limit are simply not allowed (rather + than truncated ala :class:`~passlib.hash.des_crypt`). + Because of this, Passlib does not currently enforce a size limit: + any hashes this class generates should be correct, provided Windows + is willing to accept a password of that size. + .. rubric:: Footnotes .. [#] Description of DCC v2 algorithm - diff --git a/docs/lib/passlib.hash.mysql323.rst b/docs/lib/passlib.hash.mysql323.rst index 80272b4..f5fac6a 100644 --- a/docs/lib/passlib.hash.mysql323.rst +++ b/docs/lib/passlib.hash.mysql323.rst @@ -62,7 +62,7 @@ but verifying existing MySQL 3.2.3 - 4.0 password hashes. .. rubric:: Footnotes -.. [#f1] Source of implementation used by passlib - +.. [#f1] Source of implementation used by Passlib - `<http://djangosnippets.org/snippets/1508/>`_ .. [#f2] Mysql document describing transition - diff --git a/docs/lib/passlib.hash.pbkdf2_digest.rst b/docs/lib/passlib.hash.pbkdf2_digest.rst index 522213a..8fc5f59 100644 --- a/docs/lib/passlib.hash.pbkdf2_digest.rst +++ b/docs/lib/passlib.hash.pbkdf2_digest.rst @@ -89,10 +89,10 @@ follow the same format, :samp:`$pbkdf2-{digest}${rounds}${salt}${checksum}`. * :samp:`{checksum}` - this is the :func:`adapted base64 encoding <passlib.utils.ab64_encode>` of the raw derived key bytes returned from the PBKDF2 function. - Each scheme uses output size of it's specific :samp:`{digest}` + Each scheme uses the digest size of it's specific hash algorithm (:samp:`{digest}`) as the size of the raw derived key. This is enlarged by appromixately 4/3 by the base64 encoding, - resulting in a checksum size of 27, 43, and 86 for each of the respective algorithms. + resulting in a checksum size of 27, 43, and 86 for each of the respective algorithms listed above. The algorithm used by all of these schemes is deliberately identical and simple: The password is encoded into UTF-8 if not already encoded, diff --git a/docs/lib/passlib.registry.rst b/docs/lib/passlib.registry.rst index 2457cb1..6db21c4 100644 --- a/docs/lib/passlib.registry.rst +++ b/docs/lib/passlib.registry.rst @@ -10,7 +10,7 @@ that it knows about. While custom handlers can be used directly within an applic or even handed to a :class:`!CryptContext`; it is frequently useful to register them globally within a process and then refer to them by name. This module provides facilities for that, as well as programmatically -querying passlib to detect what algorithms are available. +querying Passlib to detect what algorithms are available. .. warning:: diff --git a/docs/lib/passlib.utils.des.rst b/docs/lib/passlib.utils.des.rst index ea09506..67fef1e 100644 --- a/docs/lib/passlib.utils.des.rst +++ b/docs/lib/passlib.utils.des.rst @@ -12,7 +12,7 @@ should not be used in new applications. This module contains routines for encrypting blocks of data using the DES algorithm. -They do not support multi-block operation or decryption, +Note that these functions do not support multi-block operation or decryption, since they are designed primarily for use in password hash algorithms (such as :class:`~passlib.hash.des_crypt` and :class:`~passlib.hash.bsdi_crypt`). diff --git a/docs/lib/passlib.utils.rst b/docs/lib/passlib.utils.rst index dc9a12f..c3f2739 100644 --- a/docs/lib/passlib.utils.rst +++ b/docs/lib/passlib.utils.rst @@ -161,7 +161,7 @@ Randomness .. autofunction:: getrandbytes .. autofunction:: getrandstr -.. autofunction:: generate_password(size=10, charset=<default>) +.. autofunction:: generate_password(size=10, charset=<default charset>) Interface Tests =============== |