From 0d39d144d19d759d0654b48d95b18ba712433fad Mon Sep 17 00:00:00 2001 From: Eli Collins Date: Thu, 17 May 2012 20:23:24 -0400 Subject: minor documentation updates - typo in changes, better listing of ident values for bcrypt --- CHANGES | 6 +++--- docs/lib/passlib.hash.bcrypt.rst | 6 +++--- passlib/handlers/bcrypt.py | 16 ++++++++++------ 3 files changed, 16 insertions(+), 12 deletions(-) diff --git a/CHANGES b/CHANGES index b249400..af48dad 100644 --- a/CHANGES +++ b/CHANGES @@ -14,9 +14,9 @@ Overview Welcome to Passlib 1.6. - The main goals of this release were to clean up the codebase, tighten input + The main goal of this release was to clean up the codebase, tighten input validation, and simplify the publically exposed interfaces. This release also - brings with it a number of other improvements: 10 or so new hash algorithms, + brings a number of other improvements: 10 or so new hash algorithms, additional security precautions for the existing algorithms, a number of speed improvements, and updated documentation. @@ -139,7 +139,7 @@ Existing Hashes :doc:`ldap_salted_{digest} ` The LDAP salted digests now support salts of any size - from 4-16 bytes, though they still default to 8 (:issue:`30`). + from 4-16 bytes, though they still default to 4 (:issue:`30`). :doc:`md5_crypt `, :doc:`sha256_crypt `, :doc:`sha512_crypt ` The builtin implementation of these hashes has been diff --git a/docs/lib/passlib.hash.bcrypt.rst b/docs/lib/passlib.hash.bcrypt.rst index a44a121..1c7fa49 100644 --- a/docs/lib/passlib.hash.bcrypt.rst +++ b/docs/lib/passlib.hash.bcrypt.rst 
@@ -125,16 +125,16 @@ This implementation of bcrypt differs from others in a few ways: (This behavior will eventually be deprecated and such hashes will throw a :exc:`ValueError` instead). -* the crypt_blowfish bug, and the 2x/2y hashes +* The *crypt_blowfish* 8-bit bug .. _crypt-blowfish-bug: Pre-1.1 versions of the `crypt_blowfish `_ bcrypt implementation suffered from a serious flaw [#eight]_ in how they handled 8-bit passwords. The manner in which the flaw was fixed resulted - in two new bcrypt hash identifiers: + in *crypt_blowfish* adding support for two new BCrypt hash identifiers: - ``$2x$``, allowing sysadmins to mark ``$2a$`` hashes which potentially were + ``$2x$``, allowing sysadmins to mark any ``$2a$`` hashes which were potentially generated with the buggy algorithm. Passlib 1.6 recognizes, but does not currently support generating or verifying these hashes. diff --git a/passlib/handlers/bcrypt.py b/passlib/handlers/bcrypt.py index 66e4743..3f95d16 100644 --- a/passlib/handlers/bcrypt.py +++ b/passlib/handlers/bcrypt.py 
@@ -78,10 +78,14 @@ class bcrypt(uh.HasManyIdents, uh.HasRounds, uh.HasSalt, uh.HasManyBackends, uh. :type ident: str :param ident: - selects specific version of BCrypt hash that will be used. - Typically you want to leave this alone, and let it default to ``2a``, - but it can be set to ``2`` to use the older (and less secure) - version of the BCrypt algorithm. + Specifies which version of the BCrypt algorithm will be used when creating a new hash. + Typically this option is not needed, as the default (``"2a"``) is usually the correct choice. + If specified, it must be one of the following: + + * ``"2"`` - the first revision of BCrypt, which suffers from a minor security flaw and is generally not used anymore. + * ``"2a"`` - latest revision of the official BCrypt algorithm, and the current default. + * ``"2y"`` - format specific to the *crypt_blowfish* BCrypt implementation, + identical to ``"2a"`` in all but name. :type relaxed: bool :param relaxed: @@ -94,8 +98,8 @@ class bcrypt(uh.HasManyIdents, uh.HasRounds, uh.HasSalt, uh.HasManyBackends, uh. .. versionadded:: 1.6 .. versionchanged:: 1.6 - This class now supports ``2y`` hashes, and recognizes - (but does not support) the broken ``2x`` hashes. + This class now supports ``"2y"`` hashes, and recognizes + (but does not support) the broken ``"2x"`` hashes. (see the :ref:`crypt_blowfish bug ` for details). """ -- cgit v1.2.1
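Review bot: The new `ident` list in the first hunk describes `"2y"` as identical to `"2a"` in all but name, but gives no pointer to the crypt_blowfish 8-bit bug. A reader of the class docstring therefore cannot tell that a `$2a$` hash carried over from a pre-1.1 crypt_blowfish system may have been produced by the flawed algorithm. I would end the `"2y"` bullet with a `:ref:` to the `crypt-blowfish-bug` label defined in docs/lib/passlib.hash.bcrypt.rst, the same target the versionchanged note in the second hunk already links to. The `"2"` bullet names "a minor security flaw" without saying what follows from it; adding `Only useful for compatibility with existing hashes; do not select it for new ones.` would make the guidance actionable. The list could also say whether `"2x"` is rejected when passed as `ident`, which the "recognizes (but does not support)" wording suggests but the visible lines do not confirm; the docstring starts and ends outside both hunks.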