This issue tracker has been migrated to GitHub ,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2017年10月05日 12:32 by serhiy.storchaka, last changed 2022年04月11日 14:58 by admin. This issue is now closed.
| Pull Requests | |||
|---|---|---|---|
| URL | Status | Linked | Edit |
| PR 4110 | merged | serhiy.storchaka, 2017年10月24日 18:25 | |
| Messages (5) | |||
|---|---|---|---|
| msg303760 - (view) | Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) | Date: 2017年10月05日 12:32 | |
Blowfish salt should contain the binary logarithm of the number of rounds (from 4 to 31) (see issue31664). SHA-* salt can contain an explicit number of rounds in the form '$rounds={value}$'. It is bound to the range from 1000 to 999999999, the default is 5000. I propose to allow to specify the number of rounds in generated salt for SHA-* methods as well as for Blowfish. For unifying interface we can specify the number of rounds instead of its logarithm for Blowfish, and calculate the logarithm internally. The question is what to do with the value that is not a power of two for Blowfish. Should we raise an error or silently replace it with the upper power of two? |
|||
| msg304942 - (view) | Author: Gregory P. Smith (gregory.p.smith) * (Python committer) | Date: 2017年10月24日 20:48 | |
I'd raise a ValueError in that case. |
|||
| msg305002 - (view) | Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) | Date: 2017年10月25日 16:36 | |
What to do with values outside of the valid range (2**4 to 2**31 for Blowfish, 1000 to 999999999 for SHA*). Raise ValueError, OverflowError, or bound it, or just generate an invalid salt and allow crypt() to handle it? |
|||
| msg305013 - (view) | Author: Gregory P. Smith (gregory.p.smith) * (Python committer) | Date: 2017年10月25日 22:46 | |
I'd stick with ValueError in that case as well. if someone dislikes the valueerrors because they _want_ to use an invalid one, they can file a bug and we'll reconsider only if they have a meaningful use case. On Wed, Oct 25, 2017 at 9:36 AM Serhiy Storchaka <report@bugs.python.org> wrote: > > Serhiy Storchaka <storchaka+cpython@gmail.com> added the comment: > > What to do with values outside of the valid range (2**4 to 2**31 for > Blowfish, 1000 to 999999999 for SHA*). Raise ValueError, OverflowError, or > bound it, or just generate an invalid salt and allow crypt() to handle it? > > ---------- > nosy: +haypo, pitrou > > _______________________________________ > Python tracker <report@bugs.python.org> > <https://bugs.python.org/issue31702> > _______________________________________ > |
|||
| msg306352 - (view) | Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) | Date: 2017年11月16日 11:22 | |
New changeset cede8c9edb408321b493d8d5e73be9e1018020e4 by Serhiy Storchaka in branch 'master': bpo-31702: Allow to specify rounds for SHA-2 hashing in crypt.mksalt(). (#4110) https://github.com/python/cpython/commit/cede8c9edb408321b493d8d5e73be9e1018020e4 |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022年04月11日 14:58:53 | admin | set | github: 75883 |
| 2017年11月16日 11:23:51 | serhiy.storchaka | set | status: open -> closed resolution: fixed stage: patch review -> resolved |
| 2017年11月16日 11:22:53 | serhiy.storchaka | set | messages: + msg306352 |
| 2017年10月25日 22:46:49 | gregory.p.smith | set | messages: + msg305013 |
| 2017年10月25日 16:36:47 | serhiy.storchaka | set | nosy:
+ pitrou, vstinner messages: + msg305002 |
| 2017年10月24日 20:48:33 | gregory.p.smith | set | messages: + msg304942 |
| 2017年10月24日 18:25:13 | serhiy.storchaka | set | keywords:
+ patch stage: patch review pull_requests: + pull_request4080 |
| 2017年10月05日 12:32:52 | serhiy.storchaka | create | |