Issue 31664: Add support of new crypt methods

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/75845

classification

Title:	Add support of new crypt methods
Type:	enhancement	Stage:	resolved
Components:	Library (Lib)	Versions:	Python 3.7

process

Dependencies:	Superseder:
Status:	closed	Resolution:	fixed
Assigned To:	Nosy List:	christian.heimes, dstufft, gregory.p.smith, jafo, python-dev, serhiy.storchaka, vstinner
Priority:	normal	Keywords:	patch

Created on 2017年10月02日 09:24 by serhiy.storchaka, last changed 2022年04月11日 14:58 by admin. This issue is now closed.

Pull Requests
URL	Status	Linked	Edit
PR 3854	merged	serhiy.storchaka, 2017年10月02日 09:50
PR 4116	merged	serhiy.storchaka, 2017年10月25日 11:56
PR 26526	open	python-dev, 2021年06月04日 10:57

Messages (8)
msg303516 - (view)	Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer)	Date: 2017年10月02日 09:24
Proposed PR adds support of three new methods in the crypt module. 1. Blowfish. It is considered as strong as SSH512 for crypt() purpose. There are several variants of this method: '2', '2a', '2b' and '2y'. '2y' looks the same as '2b', other variants have different flaws. All four are supported on FreeBSD. '2b' is the only method available on OpenBSD, hence this change also fixes crypt on OpenBSD (see issue25287). Blowfish is not supported in glibc, but it is added in some Linux distributions (not in Ubuntu). The most strong of the available variants is chosen. 2. Extended DES. In contrary to traditional default algorithm it uses salt longer than 2 characters. It is supported on FreeBSD. 3. NT-Hash. It doesn't use salt and is compatible with Microsoft's NT scheme. It is supported on FreeBSD. mksalt() now takes the log_rounds argument for Blowfish. I'm not sure this is the best solution. And what should be a default value?
msg303527 - (view)	Author: Christian Heimes (christian.heimes) * (Python committer)	Date: 2017年10月02日 10:17
-1 on DES and NT Hash These are very old, very bad algorithms and should no longer be used. We are in the 21th century.
msg303545 - (view)	Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer)	Date: 2017年10月02日 15:42
I concur. Initially I implemented all three methods, then removed they except Blowfish, and then re-added they back just for showing they to security experts.
msg303761 - (view)	Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer)	Date: 2017年10月05日 12:33
In issue31702 I propose related improvement for the SHA-* methods.
msg304927 - (view)	Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer)	Date: 2017年10月24日 16:36
New changeset eab3ff72ebe79416cc032b8508ae13332955a157 by Serhiy Storchaka in branch 'master': bpo-31664: Add support for the Blowfish method in crypt. (#3854) https://github.com/python/cpython/commit/eab3ff72ebe79416cc032b8508ae13332955a157
msg304949 - (view)	Author: STINNER Victor (vstinner) * (Python committer)	Date: 2017年10月24日 23:37
Failure on s390x SLES 3.x: http://buildbot.python.org/all/#/builders/16/builds/65 ====================================================================== FAIL: test_invalid_log_rounds (test.test_crypt.CryptTestCase) ---------------------------------------------------------------------- Traceback (most recent call last): File "/home/dje/cpython-buildarea/3.x.edelsohn-sles-z/build/Lib/test/test_crypt.py", line 60, in test_invalid_log_rounds self.assertIsNone(crypt.crypt('mypassword', salt)) AssertionError: '*0' is not None
msg304985 - (view)	Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer)	Date: 2017年10月25日 13:30
New changeset 0f261583bae7e60e410709ed96398dd1b14c5454 by Serhiy Storchaka in branch 'master': bpo-31664: Fix test_crypt for the openwall implementation of crypt. (#4116) https://github.com/python/cpython/commit/0f261583bae7e60e410709ed96398dd1b14c5454
msg304990 - (view)	Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer)	Date: 2017年10月25日 14:41
Tests on s390x SLES 3.x are passed.

History
Date	User	Action	Args
2022年04月11日 14:58:53	admin	set	github: 75845
2021年06月04日 10:57:10	python-dev	set	nosy: + python-dev pull_requests: + pull_request25119
2017年10月25日 14:41:00	serhiy.storchaka	set	status: open -> closed resolution: fixed messages: + msg304990 stage: patch review -> resolved
2017年10月25日 13:30:19	serhiy.storchaka	set	messages: + msg304985
2017年10月25日 11:56:33	serhiy.storchaka	set	stage: resolved -> patch review pull_requests: + pull_request4086
2017年10月24日 23:37:54	vstinner	set	status: closed -> open nosy: + vstinner messages: + msg304949 resolution: fixed -> (no value)
2017年10月24日 16:43:34	serhiy.storchaka	link	issue14518 superseder
2017年10月24日 16:38:26	serhiy.storchaka	set	status: open -> closed resolution: fixed stage: patch review -> resolved
2017年10月24日 16:36:19	serhiy.storchaka	set	messages: + msg304927
2017年10月05日 12:33:47	serhiy.storchaka	set	messages: + msg303761
2017年10月02日 15:42:19	serhiy.storchaka	set	messages: + msg303545
2017年10月02日 10:17:40	christian.heimes	set	messages: + msg303527
2017年10月02日 09:53:47	serhiy.storchaka	set	nosy: + gregory.p.smith, jafo, christian.heimes, dstufft type: enhancement components: + Library (Lib) versions: + Python 3.7
2017年10月02日 09:50:17	serhiy.storchaka	set	keywords: + patch stage: patch review pull_requests: + pull_request3834
2017年10月02日 09:24:48	serhiy.storchaka	create

homepage