This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: crypt produces wrong hashes for passwords containing newline character
Type: behavior Stage: resolved
Components: Library (Lib) Versions: Python 3.8
process
Status: closed Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: amarahzm, serhiy.storchaka
Priority: normal Keywords:

Created on 2020-09-30 08:41 by amarahzm, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Messages (3)
msg377694 - (view) Author: Hazem Amara (amarahzm) Date: 2020-09-30 08:41
I am having an issue with crypt library (Lib/crypt.py) when hashing passwords containing \n character. I am using python 3.8.2 on Linux.  To compare hashed passwords produced by crypt, I used openssl and mkpasswd utilities. 

When generating hashes for password without \n, crypt, openssl and mkpasswd return the same result:

openssl passwd -6 -salt "saltySalt" "password"
$6$saltySalt$0zG/rneQmcu2mKFi/xXKF5WVH4ald6AlPTwnSRggVpyu7iRbq9buUmS5gD884iB1seAPw3UehNZ/b.jxL0g4Y/

mkpasswd -S "saltySalt" -m sha-512 "password"
$6$saltySalt$0zG/rneQmcu2mKFi/xXKF5WVH4ald6AlPTwnSRggVpyu7iRbq9buUmS5gD884iB1seAPw3UehNZ/b.jxL0g4Y/

python3 -c 'import crypt; print(crypt.crypt("password","$6$saltySalt"))'
$6$saltySalt$0zG/rneQmcu2mKFi/xXKF5WVH4ald6AlPTwnSRggVpyu7iRbq9buUmS5gD884iB1seAPw3UehNZ/b.jxL0g4Y/


But when generating hashes for passwords containing \n character, crypt returns a result different from the result returned by openssl and mkpasswd: 

openssl passwd -6 -salt "saltySalt" "password\n"
$6$saltySalt$v.6rXp74bIjKX42ufuY7/KWnngOAgFReenROiPODOQYzlRuE2NT4/Bgs8s4ULd3BgKNZQQ7i9GqlibMhRw2SV1
 
mkpasswd -S "saltySalt" -m sha-512 "password\n"
$6$saltySalt$v.6rXp74bIjKX42ufuY7/KWnngOAgFReenROiPODOQYzlRuE2NT4/Bgs8s4ULd3BgKNZQQ7i9GqlibMhRw2SV1
 
python3 -c 'import crypt; print(crypt.crypt("password\n","$6$saltySalt"))'
$6$saltySalt$hsmSR02RXIRP5U14cDo3wtwLCOD1Lb/9huWQEuJYRyatQjRjXmzYJI9rpfqys8ucIc.GbymuE3a5DVcLzSxn5/


I did not find a special mention for newline character in the documentation. Thanks for your help.
msg377696 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2020-09-30 11:22
For openssl and mkpasswd the password does not contain the newline character. It contains a pair of characters "\" and "n". And the crypt module produces the same output for it:

$ python3 -c 'import crypt; print(crypt.crypt(r"password\n","$6$saltySalt"))'
$6$saltySalt$v.6rXp74bIjKX42ufuY7/KWnngOAgFReenROiPODOQYzlRuE2NT4/Bgs8s4ULd3BgKNZQQ7i9GqlibMhRw2SV1
msg377697 - (view) Author: Hazem Amara (amarahzm) Date: 2020-09-30 13:18
Thanks for your answer :)
History
Date User Action Args
2022-04-11 14:59:36adminsetgithub: 86056
2020-09-30 13:18:56amarahzmsetstatus: open -> closed

messages: + msg377697
stage: resolved
2020-09-30 11:22:58serhiy.storchakasetnosy: + serhiy.storchaka
messages: + msg377696
2020-09-30 08:51:31amarahzmsettype: behavior
2020-09-30 08:41:57amarahzmcreate