classification
Title: Add support of new crypt methods
Type: enhancement Stage: resolved
Components: Library (Lib) Versions: Python 3.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: christian.heimes, dstufft, gregory.p.smith, jafo, serhiy.storchaka, vstinner
Priority: normal Keywords: patch

Created on 2017-10-02 09:24 by serhiy.storchaka, last changed 2017-10-25 14:41 by serhiy.storchaka. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 3854 merged serhiy.storchaka, 2017-10-02 09:50
PR 4116 merged serhiy.storchaka, 2017-10-25 11:56
Messages (8)
msg303516 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2017-10-02 09:24
The proposed PR adds support for three new methods in the crypt module.

1. Blowfish. It is considered as strong as SHA512 for crypt() purposes. There are several variants of this method: '2', '2a', '2b' and '2y'. '2y' looks the same as '2b'; the other variants have different flaws. All four are supported on FreeBSD. '2b' is the only method available on OpenBSD, hence this change also fixes crypt on OpenBSD (see issue25287). Blowfish is not supported in glibc, but it is added in some Linux distributions (not in Ubuntu). The strongest of the available variants is chosen.

2. Extended DES. Contrary to the traditional default algorithm, it uses a salt longer than 2 characters. It is supported on FreeBSD.

3. NT-Hash. It doesn't use a salt and is compatible with Microsoft's NT scheme. It is supported on FreeBSD.

mksalt() now takes the log_rounds argument for Blowfish. I'm not sure this is the best solution. And what should the default value be?
msg303527 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2017-10-02 10:17
-1 on DES and NT Hash

These are very old, very bad algorithms and should no longer be used. We are in the 21st century.
msg303545 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2017-10-02 15:42
I concur. Initially I implemented all three methods, then removed them except Blowfish, and then re-added them just to show them to security experts.
msg303761 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2017-10-05 12:33
In issue31702 I propose a related improvement for the SHA-* methods.
msg304927 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2017-10-24 16:36
New changeset eab3ff72ebe79416cc032b8508ae13332955a157 by Serhiy Storchaka in branch 'master':
bpo-31664: Add support for the Blowfish method in crypt. (#3854)
https://github.com/python/cpython/commit/eab3ff72ebe79416cc032b8508ae13332955a157
msg304949 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2017-10-24 23:37
Failure on s390x SLES 3.x:

http://buildbot.python.org/all/#/builders/16/builds/65

======================================================================
FAIL: test_invalid_log_rounds (test.test_crypt.CryptTestCase)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/dje/cpython-buildarea/3.x.edelsohn-sles-z/build/Lib/test/test_crypt.py", line 60, in test_invalid_log_rounds
    self.assertIsNone(crypt.crypt('mypassword', salt))
AssertionError: '*0' is not None
msg304985 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2017-10-25 13:30
New changeset 0f261583bae7e60e410709ed96398dd1b14c5454 by Serhiy Storchaka in branch 'master':
bpo-31664: Fix test_crypt for the openwall implementation of crypt. (#4116)
https://github.com/python/cpython/commit/0f261583bae7e60e410709ed96398dd1b14c5454
msg304990 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2017-10-25 14:41
Tests on s390x SLES 3.x pass.
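Added example, not part of the thread or of CPython: a small auditor that classifies stored crypt(3) values by the methods discussed above, flags the ones the thread rejects (Extended DES, NT-Hash, the older Blowfish variants) and treats the '*0' value from the buildbot traceback as a failure rather than a hash. The names `classify`, `RULES` and `SAMPLES` are hypothetical, the sample strings are constructed to have the right shape only, and the `$3$` prefix is FreeBSD's marker for NT-Hash.

```python
import re

# Sentinels that are not hashes: the traceback in this thread shows '*0' coming
# back from crypt() where None was expected; '*1' is its companion token.
FAILURE_TOKENS = {"*0", "*1"}
B64 = r"[./A-Za-z0-9]"

# (pattern, method, acceptable for newly stored passwords)
RULES = [
    (re.compile(rf"\$(2[aby]?)\$(\d\d)\${B64}{{53}}"), "blowfish", True),
    (re.compile(rf"\$6\$(?:rounds=\d+\$)?{B64}{{0,16}}\${B64}{{86}}"), "sha512", True),
    (re.compile(r"\$3\$\$[0-9a-f]{32}"), "nt-hash", False),     # no salt at all
    (re.compile(rf"_{B64}{{19}}"), "extended-des", False),      # 4 count + 4 salt + 11 hash
    (re.compile(rf"{B64}{{13}}"), "traditional-des", False),    # 2 salt + 11 hash
]

def classify(value):
    """Return (method, acceptable, note) for one stored crypt(3) value."""
    if value is None or value in FAILURE_TOKENS:
        return ("failure", False, "crypt() rejected the salt; this is not a hash")
    for pattern, method, ok in RULES:
        m = pattern.fullmatch(value)
        if m is None:
            continue
        if method == "blowfish":
            variant, cost = m.group(1), int(m.group(2))
            if not 4 <= cost <= 31:          # bcrypt cost (log_rounds) range
                return (method, False, f"log_rounds {cost} outside 4..31")
            if variant not in ("2b", "2y"):  # '2' and '2a' are called flawed in the issue
                return (method, False, f"variant {variant} described as flawed in the issue")
            return (method, True, f"variant {variant}, log_rounds {cost}")
        return (method, ok, "" if ok else "legacy method, rehash at next login")
    return ("unknown", False, "unrecognised format")

# Constructed sample values: correct shape only, not real password hashes.
SAMPLES = [
    "$2b$12$" + "A" * 53,            # current Blowfish variant
    "$2a$12$" + "A" * 53,            # older Blowfish variant
    "$2b$03$" + "A" * 53,            # log_rounds below the minimum
    "$6$saltsalt$" + "A" * 86,       # SHA-512
    "$3$$" + "0" * 32,               # NT-Hash
    "_J9..salt" + "." * 11,          # Extended DES
    "*0",                            # failure token from the traceback
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value[:14]:<16}", *classify(value))
```

Checking for the failure tokens before comparing a login attempt against a stored value matters because a stored '*0' would otherwise compare equal to the '*0' a failing crypt() call returns.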
History
Date User Action Args
2017-10-25 14:41:00 serhiy.storchaka set status: open -> closed
resolution: fixed
messages: + msg304990
stage: patch review -> resolved
2017-10-25 13:30:19 serhiy.storchaka set messages: + msg304985
2017-10-25 11:56:33 serhiy.storchaka set stage: resolved -> patch review
pull_requests: + pull_request4086
2017-10-24 23:37:54 vstinner set status: closed -> open
nosy: + vstinner
messages: + msg304949
resolution: fixed -> (no value)
2017-10-24 16:43:34 serhiy.storchaka link issue14518 superseder
2017-10-24 16:38:26 serhiy.storchaka set status: open -> closed
resolution: fixed
stage: patch review -> resolved
2017-10-24 16:36:19 serhiy.storchaka set messages: + msg304927
2017-10-05 12:33:47 serhiy.storchaka set messages: + msg303761
2017-10-02 15:42:19 serhiy.storchaka set messages: + msg303545
2017-10-02 10:17:40 christian.heimes set messages: + msg303527
2017-10-02 09:53:47 serhiy.storchaka set nosy: + gregory.p.smith, jafo, christian.heimes, dstufft
type: enhancement
components: + Library (Lib)
versions: + Python 3.7
2017-10-02 09:50:17 serhiy.storchaka set keywords: + patch
stage: patch review
pull_requests: + pull_request3834
2017-10-02 09:24:48 serhiy.storchaka create