summaryrefslogtreecommitdiff
path: root/passlib/handlers/des_crypt.py
diff options
context:
space:
mode:
Diffstat (limited to 'passlib/handlers/des_crypt.py')
-rw-r--r--passlib/handlers/des_crypt.py6
1 files changed, 6 insertions, 0 deletions
diff --git a/passlib/handlers/des_crypt.py b/passlib/handlers/des_crypt.py
index 3eea448..5e3cb4c 100644
--- a/passlib/handlers/des_crypt.py
+++ b/passlib/handlers/des_crypt.py
@@ -231,6 +231,12 @@ class des_crypt(uh.HasManyBackends, uh.HasSalt, uh.GenericHandler):
#handler
#=========================================================
+#FIXME: phpass code notes that even rounds values should be avoided for BSDI-Crypt,
+# so as not to reveal weak des keys. given the random salt, this shouldn't be
+# a very likely issue anyways, but should do something about default rounds generation anyways.
+# http://wiki.call-cc.org/eggref/4/crypt sez even rounds of DES may reveal weak keys.
+# list of semi-weak keys - http://dolphinburger.com/cgi-bin/bsdi-man?proto=1.1&query=bdes&msection=1&apropos=0
+
class bsdi_crypt(uh.HasManyBackends, uh.HasRounds, uh.HasSalt, uh.GenericHandler):
"""This class implements the BSDi-Crypt password hash, and follows the :ref:`password-hash-api`.
View Lorry Controller Status