| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |
|
|
|
|
| |
with even rounds
|
| |
|
|
|
|
|
|
| |
* moved test_context to test_context_deprecated, to ensure pre-1.6 behavior
is retained, at least until 1.8
* new test_context merges CryptPolicy tests into CryptContextTest
|
|
|
|
| |
directly
|
|
|
|
| |
tweaked a little
|
|
|
|
|
|
|
|
|
|
| |
* this should simplify the api for users, CryptPolicy encapsulated an implementation detail
they didn't need to deal with.
* config file parsing is a lot stricter, easier for apps to add custom hacks
* CryptContext instances can now be reconfigured much easier.
* loads should be faster.
(breaking changes into multiple commits)
|
|
|
|
| |
missing chars
|
|
|
|
| |
ambiguous method names
|
| |
|
|
|
|
|
| |
* cleaned up source of des_crypt variants and DES util functions
* DES utils functions now have tighter input validation, full UT coverage
|
|
|
|
|
|
|
| |
* test os_crypt backend has functional fallback
* test handler methods accept all unicode/bytes combinations for secret & hash
* fixed some incorrect error messages & types being caught & raised
* other minor cleanups
|
|
|
|
| |
error for inconsistent hashes.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* passing a non-string secret or non-string hash to any
CryptContext or handler method will now reliably result
in a TypeError.
previously, passing hash=None to many handler identify() and verify()
methods would return False, while others would raise a TypeError.
other handler methods would alternately throw ValueError or TypeError
when passed a value that wasn't unicode or bytes.
the various CryptContext methods also behaved inconsistently,
depending on the behavior of the underlying handler.
all of these behaviors are gone, they should all raise the same TypeError.
* redid many of the from_string() methods to verify the hash type.
* moved secret type & size validation to GenericHandler's encrypt/genhash/verify methods.
this cheaply made the secret validation global to all hashes, and lets
_calc_digest() implementations trust that the secret is valid.
* updated the CryptContext and handler unittests to verify the above behavior is adhered to.
|
|
|
|
| |
right_pad_string)
|
|
|
|
|
|
|
|
|
| |
* split os_crypt tests into separate mixin
* tests now require os_crypt backends to detect some simple incorrect returns from crypt()
- e.g. returning wrong ident prefix, wrong size, etc
- added relevant asserts to all os_crypt backends
* tests now check if platform crypt detection is functioning correctly
via platform_crypt_support dict in tests.
|
| |
|
|
|
|
|
| |
* tried to clarify documentation & alg for builtin md5_crypt / sha2-crypt backends
* replaced regex parser in sha2-crypt with index-based one - less redundant, and should be faster.
|
|
|
|
| |
bunch of redundant code
|
|
|
|
| |
messages
|
|
|
|
|
|
| |
* support variable salt size of 4-16 bytes [issue 30].
* throw correct error when invalid base64 encoding is encountered.
* added some test vectors for the above.
|
|
|
|
| |
I previously thought
|
|
|
|
| |
chars; to prevent DOS issues.
|
|
|
|
|
|
|
| |
was using default policy to store recommended defaults for hashes,
but it only affects CryptContext objects, and users seem to frequent
using the handler objects directly - so going to store recommended
defaults in the handler from now on.
|
|
|
|
|
|
|
|
|
|
|
| |
* removed cisco_type7 config string, conflicted w/ empty password
* fixed unicode type issue in cisco_type7, win32.nthash
* bsdi_crypt.min_rounds now 1 (0 results in identical hashes)
* fixed unicode type issue in UPASS_TABLE tests for plaintext, ldap_plaintext
* relocated test vectors from test_win32 to lmhash/nthash
* 8bit test for UnsaltedHash
* fuzz testing expanded to use 5-99 char passwords, and 1/10000 are empty
*
|
|
|
|
|
|
|
| |
* added code to shoehorn $2$-support wrapper for bcryptor backend
* added PasslibSecurityWarning when builtin backend is enabled
(still considered whether it should be enabled by default)
* py3 compat fix for repair_unused
|
|
|
|
| |
(may not support django 1.4 until passlib 1.7)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
passlib.tests
-------------
* deprecated support for unittest 1... accumulated too many backports,
planning to require unittest2 in next release.
* case_prefix renamed to shortDescription
* test case now archives & clears warning registry state in addition
to warning filter state
passlib.utils.compat
--------------------
* a bunch of the bytes-related functions were renamed for clarity
* NativeStringIO alias added
* trange alias merged into irange
|
| |
|
| |
|
|
|
|
| |
reliably
|
|
|
|
| |
other small tweaks
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* studied crypt_blowfish's 8bit bug
- verified none of passlib's backends were affected
- added recognition (but not support) for crypt_blowfish's $2x$ hash prefix
- added support for crypt_blowfish's $2y$ hash prefix
- note in docs about Passlib's current handling of crypt_blowfish 8bit issues.
* refactored bcrypt's salt-unused-bits repair code into Base64Engine.repair_unused(),
making the code cleaner and more isolated. a bunch more tests.
* added bcrypt64 (bcrypt-base64 variant) to utils
* added LazyBase64Engine to reduce memory / startup time
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
after some thought, realized the 'nthash' name should implement
the raw hash. since bsd_nthash was very rarely used, it shouldn't
present backwards incompatibility issues at this point to go
ahead and rename it.
|
| |
|
|
|
|
|
|
|
|
| |
* Cisco Type 5 appears to be same as md5_crypt
* added requires_user=False support to HandlerCase
* added more through salt-generation test (since
cisco_pix has only 4 bits of salt)
* added HandlerCase test to ensure user is used as salt
|
|
|
|
| |
test
|
|
|
|
|
|
| |
* incorporated test vectors from various sources (esp JTR) for various hashes
* tried to document sources for existing vectors
* added at least one unicode/8bit test vector for every hash
|
|
|
|
| |
to guess capitalization)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* StaticHandler is now subclass of GenericHandler
- _calc_checksum() should be implemented instead of encrypt().
(compatibility stub added so old code should continue to work)
- _norm_hash() no longer needs to handle ->unicode conversion
- default from_string() contains a bunch of features,
including stripping a known prefix, etc.
* context kwds now pulled into constructor, so GenericHandler
supports context kwds properly; HasUserContext mixin added
to support common 'user' context kwd
* identify_regexp & identify_prefix removed, functionality
rolled into default GenericHandler.identify() implementation.
- default identify checks _hash_regex as potential way to identify hashes
* HasStubChecksum removed, functionality rolled into GenericHandler
* HasRawChecksum now just sets a flag, functionality moved into GenericHandler
* HasManyIdents._parse_ident() helper added to valid & split identifier
from hashes.
* GenericHandler._norm_checksum() is now strict about unicode / bytes
|