Created on 2018-04-03 08:26 by Ron Reiter, last changed 2018-04-07 13:33 by Ron Reiter.
| Messages (11) | |||
|---|---|---|---|
| msg314866 - (view) | Author: Ron Reiter (Ron Reiter) | Date: 2018-04-03 08:26 | |
import crypt
Expected result:
>>> crypt.crypt("test") == crypt.crypt("test")
False
>>> crypt.crypt("test", crypt.mksalt()) == crypt.crypt("test", crypt.mksalt())
False
Unexpected results:
>>> crypt.crypt("test", crypt.METHOD_SHA512) == crypt.crypt("test", crypt.METHOD_SHA512)
True
>>> crypt.crypt("test", crypt.mksalt(crypt.METHOD_SHA512)) == crypt.crypt("test", crypt.mksalt(crypt.METHOD_SHA512))
False
|
|||
| msg314867 - (view) | Author: Ron Reiter (Ron Reiter) | Date: 2018-04-03 08:28 | |
import crypt
Expected result:
>>> crypt.crypt("test") == crypt.crypt("test")
False
>>> crypt.crypt("test", crypt.mksalt()) == crypt.crypt("test", crypt.mksalt())
False
Unexpected results:
>>> crypt.crypt("test", crypt.METHOD_SHA512) == crypt.crypt("test", crypt.METHOD_SHA512)
True
>>> crypt.crypt("test", crypt.mksalt(crypt.METHOD_SHA512)) == crypt.crypt("test", crypt.mksalt(crypt.METHOD_SHA512))
True
|
|||
| msg314868 - (view) | Author: Ron Reiter (Ron Reiter) | Date: 2018-04-03 08:39 | |
You guessed it, the salt is "$6" |
|||
| msg314871 - (view) | Author: Serhiy Storchaka (serhiy.storchaka) *  |
Date: 2018-04-03 08:54 | |
I can't reproduce this result. Does your os.urandom() broken and return a short repeated sequence? |
|||
| msg314872 - (view) | Author: Ron Reiter (Ron Reiter) | Date: 2018-04-03 09:47 | |
Apparently it's a Mac issue. My crypt.methods only contains [<crypt.METHOD_CRYPT>] which is probably why this fails. It's a silent failure of some sort that is causing this. |
|||
| msg314873 - (view) | Author: Christian Heimes (christian.heimes) * |
Date: 2018-04-03 10:12 | |
The crypt module is a thin wrapper around the OS' crypt(3) function. The function should return NULL for unsupported salt types. The module turns NULL into None.
What's the return value of crypt.crypt("test", crypt.METHOD_SHA512) ?
|
|||
| msg314874 - (view) | Author: Ron Reiter (Ron Reiter) | Date: 2018-04-03 10:46 | |
Python 3.6.4 (default, Mar 22 2018, 23:35:12)
[GCC 4.2.1 Compatible Apple LLVM 9.0.0 (clang-900.0.39.2)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import crypt
>>> crypt.crypt("test", crypt.METHOD_SHA512)
'$6asQOJRqB1i2'
>>> crypt.crypt("test", crypt.METHOD_SHA512)
'$6asQOJRqB1i2'
|
|||
| msg314875 - (view) | Author: Ron Reiter (Ron Reiter) | Date: 2018-04-03 10:47 | |
Also:
>>> crypt.crypt("test", "$5")
'$5yVOkTkyRzn.'
>>> crypt.crypt("test", "$6")
'$6asQOJRqB1i2'
>>> crypt.crypt("test", "$7")
'$7tSOkvDyiL6U'
So the salt is "$6"
|
|||
| msg314884 - (view) | Author: Raymond Hettinger (rhettinger) * |
Date: 2018-04-03 15:17 | |
> What's the return value of crypt.crypt("test", crypt.METHOD_SHA512)
This is from my Mac (10.13.3):
$ python3.6
Python 3.6.4 (v3.6.4:d48ecebad5, Dec 18 2017, 21:07:28)
[GCC 4.2.1 (Apple Inc. build 5666) (dot 3)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import crypt
>>> crypt.crypt("test", crypt.METHOD_SHA512)
'$6asQOJRqB1i2'
>>> crypt.crypt("test", crypt.METHOD_SHA512)
'$6asQOJRqB1i2'
>>> crypt.crypt("test", "$5")
'$5yVOkTkyRzn.'
>>> crypt.crypt("test", "$6")
'$6asQOJRqB1i2'
>>> crypt.crypt("test", "$7")
'$7tSOkvDyiL6U'
>>> crypt.crypt("test") == crypt.crypt("test")
False
>>> crypt.crypt("test", crypt.mksalt()) == crypt.crypt("test", crypt.mksalt())
False
|
|||
| msg314926 - (view) | Author: Ned Deily (ned.deily) * |
Date: 2018-04-04 06:00 | |
$ ./bin/python3 Python 3.8.0a0 (heads/master:55966f3a0d, Apr 2 2018, 18:16:13) [Clang 9.1.0 (clang-902.0.39.1)] on darwin Type "help", "copyright", "credits" or "license" for more information. >>> import crypt >>> crypt.methods [<crypt.METHOD_CRYPT>] |
|||
| msg314938 - (view) | Author: Ronald Oussoren (ronaldoussoren) * |
Date: 2018-04-04 15:33 | |
As far as I know macOS does not support different salt types at all. The manpage does mention an "extended crypt", but according to the documentation that just controls the number of DES rounds used.
In particular:
The salt is a 9-character array consisting of an underscore, followed by
4 bytes of iteration count and 4 bytes of salt. These are encoded as
printable characters, 6 bits per character, least significant character
first. The values 0 to 63 are encoded as ``./0-9A-Za-z''. This allows
24 bits for both count and salt.
If anything needs to change it would have to be a macOS specific patch to the _crypt extension that rejects any attempt of using algorithm selection (but that's technically a backward incompatible change as)
|
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2018-04-07 13:33:00 | Ron Reiter | set | type: security |
| 2018-04-04 15:33:35 | ronaldoussoren | set | nosy:
+ ronaldoussoren messages: + msg314938 |
| 2018-04-04 06:00:46 | ned.deily | set | nosy:
+ ned.deily messages: + msg314926 versions: + Python 3.7, Python 3.8 |
| 2018-04-03 15:17:36 | rhettinger | set | messages: + msg314884 |
| 2018-04-03 10:48:23 | Ron Reiter | set | title: crypt function not hashing properly -> crypt function not hashing properly on Mac (uses a specific salt) |
| 2018-04-03 10:47:08 | Ron Reiter | set | messages: + msg314875 |
| 2018-04-03 10:46:00 | Ron Reiter | set | messages: + msg314874 |
| 2018-04-03 10:12:43 | christian.heimes | set | nosy:
+ christian.heimes messages: + msg314873 |
| 2018-04-03 09:47:25 | Ron Reiter | set | messages: + msg314872 |
| 2018-04-03 08:54:29 | serhiy.storchaka | set | nosy:
+ rhettinger, serhiy.storchaka, mark.dickinson messages: + msg314871 |
| 2018-04-03 08:39:23 | Ron Reiter | set | messages: + msg314868 |
| 2018-04-03 08:28:10 | Ron Reiter | set | messages: + msg314867 |
| 2018-04-03 08:26:58 | Ron Reiter | create | |