| Commit message | Author | Age | Files | Lines |
| |
of Python 3.5.
| |
(which is also moving)
| |
* updated all relevant urls
* added announcement to changelog & index page
* added "thanks" section for Octobus, CleverCloud, and ReadTheDocs :)
| |
* moved a bunch of pages into 'docs/narr' narrative subsection.
  added placeholder pages in old locations, to minimize inbound link breakage.
* split history into separate pages, was getting way too long.
  removed toplevel CHANGES file, not feasible under new structure.
* passlib.ifc split into reference & tutorial portions,
  tutorial allowed subsuming a bunch of other hash-usage examples.
* added standard fragments for warning about insecure hashes,
  added them to top of a LOT of hash doc pages.
* updated references, various layout tweaks
| |
.encrypt()
----------
hash.encrypt() & context.encrypt() have been renamed to .hash().
this should take care of the long-standing issue 21 (the poor naming of .encrypt).
per docs, legacy aliases will remain in place until passlib 2.0.

.genhash() / .genconfig()
-------------------------
taking advantage of this reorganization to also deprecate .genconfig()
and .genhash() -- they're not really useful in a modern system,
nor as needed for historical support as initially thought:
.genconfig() will be retired completely in passlib 2.0;
.genhash() is rolled into the new .hash() method along with .encrypt().
| |
bcrypt
------
* added support & UT for $2b$ hash format.
  not making it the default yet, for backward compat.
* large refactor of how bcrypt backends are loaded:
  instead of per-backend workarounds within each _calc_checksum_<backend>()
  function: now using runtime detection of specific capabilities & workarounds,
  that runs whenever set_backend() is called, combined with consolidated
  workaround code within _calc_checksum(), controlled by the flags
  set by set_backend().
  this detection now looks for:
  - the 8bit bug: throws a PasslibSecurityError
  - the wraparound bug: issues warning, sets flag enabling a workaround.
  - support for 2/2y/2b: if backend lacks support for particular variants,
    sets flag enabling workaround to add support.
* os_crypt backend now just issues error if it can't handle a password encoding;
  rather than trying fallbacks first -- edge case anyways, and likely
  to not have any fallbacks when it does happen. simplifies backend code.
* added UTs to make sure wraparound-vulnerable passwords are hashed correctly
  (as a 72char string, not a 1-3 char string that's repeated).
* internal blowfish code's ident parsing clarified.

other
-----
* added exc.PasslibSecurityError for fatal runtime errors.
* test framework: os_crypt backends no longer expected to use
  *any* backend as fallback, just ones with lower priority than os_crypt.
* test framework: crypt_stub() wrapper now subclasses the handler,
  so it can use an independent backend, instead of changing global
  backend for duration of call (made parallel testing hard)

docs
----
* added entry to bcrypt page, writing down wraparound bug details,
  and how passlib is handling it.
* all versions of pybcrypt & bcryptor seem to be vulnerable to wraparound bug.
  starting process of deprecating these backends: marked bcrypt backend
  as 'preferred' throughout the documentation.
| |
updates
| |
* updated install instructions to account for python 3 support
* removed dependency on distribute/setuptools:
  - no longer using find_packages()
  - using build_py_2to3 cmdclass as fallback if distribute's use_2to3 not available
* some tweaks to make "setup.py test" work properly
| |
=====================
* CryptContext docs finished
* README / LICENSE updated
* license text changed to correct BSD wording
* embarrassingly, the history.rst is kinda off about release versions.
  tried to make it give readers better outline.
* misc doc updates
* some handler names (eg: 'context', 'all') now forbidden by register_crypt_handler()
* bumped setup.cfg to b1
| |
==================
* finished password hash api description
* various documentation cleanups
* removed unused quickstart doc