[issue8596] crypt blowfish 'ignores' salt

2010-05-03 Thread Mark Dickinson
Mark Dickinson added the comment: Okay, thanks for the update! Looks like the FreeBSD crypt manpage could use some work... -- ___ Python tracker ___

[issue8596] crypt blowfish 'ignores' salt

2010-05-03 Thread pvo
pvo added the comment: OpenBSD's crypt(3) mentions some bcrypt*() functions. One of this functions is "char * bcrypt_gensalt(u_int8_t log_rounds)". It produces salts like: $2a$04$7.zkQ.HPURlplcFTWgDL3u or $2a$04$l2SuIEWPqF4D3uMTABgBYO Passing this salts to Pyton's crypt.crypt on FreeBSD works

[issue8596] crypt blowfish 'ignores' salt

2010-05-02 Thread pvo
pvo added the comment: $2a$12$saltysalt$ignored ^ ^ ^ ^ | | | \_ignored | | \_the salt | \_number of rounds (04-31) \_ crypt id About the crypt id: I read too much Blowfish crypt related stuff in the recent both days. Can't remember exactly the difference between

[issue8596] crypt blowfish 'ignores' salt

2010-05-02 Thread Mark Dickinson
Mark Dickinson added the comment: > FreeBSD's crypt(3) doesn't explain the 'salt' for Blowfish crypt exactly. Reading: http://www.freebsd.org/cgi/man.cgi?query=crypt&apropos=0&sektion=3&manpath=FreeBSD+7.2-RELEASE&format=html and especially the section entitled "Modular crypt", it looks like

[issue8596] crypt blowfish 'ignores' salt

2010-05-02 Thread pvo
pvo added the comment: FreeBSD's crypt(3) doesn't explain the 'salt' for Blowfish crypt exactly. OpenBSD's crypt(3) says: "The Blowfish version of crypt has 128 bits of salt in order to make building dictionaries of common passwords space consuming." I wrote a few lines of C code. Copied the

[issue8596] crypt blowfish 'ignores' salt

2010-05-02 Thread Mark Dickinson
Changes by Mark Dickinson : -- resolution: -> invalid status: open -> pending ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue8596] crypt blowfish 'ignores' salt

2010-05-02 Thread Mark Dickinson
Mark Dickinson added the comment: I doubt this is a Python issue, since the crypt function does little more than wrap the system crypt function. What does your man page for crypt say? Are you sure you're providing a salt that the system crypt accepts? -- nosy: +mark.dickinson _

[issue8596] crypt blowfish 'ignores' salt

2010-05-01 Thread pvo
New submission from pvo : Blowfish crypt uses a 128 bit salt, not only the letters [./a-zA-Z0-9]. Despite the different salts, crypt ignores the salt and produces identical encrypted passwords. The problem occurs on FreeBSD 7.2 with Python 2.5.5 (r255:77872) and Python 2.6.4 (r264:7570) (both