| Commit message | Author | Age | Files | Lines |
| |
messages
| |
* support variable salt size of 4-16 bytes [issue 30].
* throw correct error when invalid base64 encoding is encountered.
* added some test vectors for the above.
| |
I previously thought
| |
chars; to prevent DOS issues.
| |
was using default policy to store recommended defaults for hashes,
but it only affects CryptContext objects, and users seem to frequently
use the handler objects directly - so going to store recommended
defaults in the handler from now on.
| |
* removed cisco_type7 config string, conflicted w/ empty password
* fixed unicode type issue in cisco_type7, win32.nthash
* bsdi_crypt.min_rounds now 1 (0 results in identical hashes)
* fixed unicode type issue in UPASS_TABLE tests for plaintext, ldap_plaintext
* relocated test vectors from test_win32 to lmhash/nthash
* 8bit test for UnsaltedHash
* fuzz testing expanded to use 5-99 char passwords, and 1/10000 are empty
*
| |
* added code to shoehorn $2$-support wrapper for bcryptor backend
* added PasslibSecurityWarning when builtin backend is enabled
(still considered whether it should be enabled by default)
* py3 compat fix for repair_unused
| |
(may not support django 1.4 until passlib 1.7)
| |
passlib.tests
-------------
* deprecated support for unittest 1... accumulated too many backports,
planning to require unittest2 in next release.
* case_prefix renamed to shortDescription
* test case now archives & clears warning registry state in addition
to warning filter state
passlib.utils.compat
--------------------
* a bunch of the bytes-related functions were renamed for clarity
* NativeStringIO alias added
* trange alias merged into irange
| |
reliably
| |
other small tweaks
| |
* studied crypt_blowfish's 8bit bug
- verified none of passlib's backends were affected
- added recognition (but not support) for crypt_blowfish's $2x$ hash prefix
- added support for crypt_blowfish's $2y$ hash prefix
- note in docs about Passlib's current handling of crypt_blowfish 8bit issues.
* refactored bcrypt's salt-unused-bits repair code into Base64Engine.repair_unused(),
making the code cleaner and more isolated. a bunch more tests.
* added bcrypt64 (bcrypt-base64 variant) to utils
* added LazyBase64Engine to reduce memory / startup time
| |
after some thought, realized the 'nthash' name should implement
the raw hash. since bsd_nthash was very rarely used, it shouldn't
present backwards incompatibility issues at this point to go
ahead and rename it.
| |
* Cisco Type 5 appears to be same as md5_crypt
* added requires_user=False support to HandlerCase
* added more thorough salt-generation test (since
cisco_pix has only 4 bits of salt)
* added HandlerCase test to ensure user is used as salt
| |
test
| |
* incorporated test vectors from various sources (esp JTR) for various hashes
* tried to document sources for existing vectors
* added at least one unicode/8bit test vector for every hash
| |
to guess capitalization)
| |
* StaticHandler is now subclass of GenericHandler
- _calc_checksum() should be implemented instead of encrypt().
(compatibility stub added so old code should continue to work)
- _norm_hash() no longer needs to handle ->unicode conversion
- default from_string() contains a bunch of features,
including stripping a known prefix, etc.
* context kwds now pulled into constructor, so GenericHandler
supports context kwds properly; HasUserContext mixin added
to support common 'user' context kwd
* identify_regexp & identify_prefix removed, functionality
rolled into default GenericHandler.identify() implementation.
- default identify checks _hash_regex as potential way to identify hashes
* HasStubChecksum removed, functionality rolled into GenericHandler
* HasRawChecksum now just sets a flag, functionality moved into GenericHandler
* HasManyIdents._parse_ident() helper added to validate & split identifier
from hashes.
* GenericHandler._norm_checksum() is now strict about unicode / bytes
| |
* reworked warning-matching code into assertWarningList() method
* reorganized HandlerCase hash tests based on cross-cutting topic, not per-function;
this combined many tests together to eliminate redundant setup
* added test of reported rounds limits
* added better fuzz testing - tests random passwords & options using encrypt(),
and verifies against all available backends
* added flags to properly support 'disabled' handlers, and other border cases.
* added tests for password & user case-sensitivity
* restores warning filters after every test
| | |
methods of most handlers
| | |
strict keyword
--------------
* GenericHandler's "strict" keyword had poorly defined semantics;
replaced this with "use_defaults" and "relaxed" keywords.
Most handlers' from_string() method specified strict=True.
This is now the default behavior, use_defaults=True is enabled
only for encrypt() and genconfig(). relaxed=True is enabled
only for specific handlers (and unittests) whose code requires it.
This *does* break backward compat with passlib 1.5 handlers,
but this is mostly an internal class.
* missing required settings now throws a TypeError instead of
a ValueError, to be more in line with std python behavior.
* The norm_xxx functions provided by the GenericHandler mixins
(e.g. norm_salt) have been renamed to _norm_xxx() to reflect their
private nature; and converted from class methods to instance
methods, to simplify their call signature for subclassing.
misc
----
* rewrote GenericHandler unittests to use constructor only,
instead of poking into norm_salt/norm_rounds internals.
* checksum/salt charset checks speed up using set comparison
* some small cleanups to FHSP implementation
| |
and adds code complexity
| |
* safe_crypt() improved - accepts unicode/bytes for salt, checks for NULL, returns None on failure
* added test_crypt() wrapper to simplify backend checks.
* removed native=True from most to_string() implementations, unused now.
* updated UTs
| |
classes to make filtering easier
| |
* added str_to_[ub]ascii to wrap hexdigest() calls
* fixed some h64big calls I missed
* some py3 fixes
* removed utils.compat.aliases, using overlay
to replace real compat module instead
(to agree w/ imports already in code)
| |
* moved bytes compat functions from utils to utils.compat
(bord, bjoin, bjoin_ints, bjoin_elems, ujoin)
* renamed bord -> belem_ord for clarity
* a bunch of to_native_str() always use ascii, and
have fixed input types (always bytes or always unicode).
these don't need overhead of to_native_str(), so replaced
those calls with two new funcs: compat.bascii_to_str() /
compat.uascii_to_str()
* cleaned up a lot of imports from utils/utils.compat to
pull from correct module
* simplified the to_string() logic of a bunch of handlers
to reduce unicode<->byte transitions