Issue 1372253
Created on 2005-12-03 10:11 by schlatterbeck, last changed 2005-12-03 10:11 by schlatterbeck.
|
| File name |
Uploaded |
Description |
Edit |
Remove |
|
patch.password.py
|
schlatterbeck,
2005-12-03 10:11
|
Simple patch to enable md5 passwords |
|
|
|
| msg2054 |
Author: [hidden] (schlatterbeck) |
Date: 2005-12-03 10:11 |
|
Many crypt implementations today allow md5 passwords.
These have -- instead of a two character salt like the
old DES-based crypt -- a longer string:
'$1$' + 8-character-length-hash + optional '$'
The current crypt implementation in roundup/password.py
explicitly truncates the salt to two characters. The
old DES-base crypt routine can deal very well with
longer strings (in fact for password checking it is
passed the whole encrypted password instead of only the
first two characters that constitute the salt and this
use is documented in the python manual page for crypt),
so I propose to remove that truncation (patch is also
attached as a file):
@@ -43,7 +43,7 @@
s = md5.md5(plaintext).hexdigest()
elif scheme == 'crypt' and crypt is not None:
if other is not None:
- salt = other[:2]
+ salt = other
else:
saltchars = './0123456789'+string.letters
salt = random.choice(saltchars) +
random.choice(saltchars)
|
| msg2055 |
Author: [hidden] (a1s) |
Date: 2005-12-03 11:48 |
|
Logged In: YES
user_id=8719
applied to the HEAD branch (roundup-0.9)
|
|
| Date |
User |
Action |
Args |
| 2005-12-03 10:11:43 | schlatterbeck | create | |
|