[issue8596] crypt blowfish 'ignores' salt

[pvo]

pvo  added the comment:

OpenBSD's crypt(3) mentions some bcrypt*() functions. One of this functions is 
"char * bcrypt_gensalt(u_int8_t log_rounds)". It produces salts like: 
$2a$04$7.zkQ.HPURlplcFTWgDL3u or $2a$04$l2SuIEWPqF4D3uMTABgBYO

Passing this salts to Pyton's crypt.crypt on FreeBSD works perfect.

Sorry for the noise.

--

___
Python tracker 
<http://bugs.python.org/issue8596>
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue8596] crypt blowfish 'ignores' salt

[pvo]

pvo  added the comment:

$2a$12$saltysalt$ignored
 ^  ^  ^ ^
 |  |  |  \_ignored
 |  |  \_the salt
 |  \_number of rounds (04-31)
 \_ crypt id
 
About the crypt id:
I read too much Blowfish crypt related stuff in the recent both days. Can't 
remember exactly the difference between the IDs '2' and '2a'. The 
/etc/master.passwd on my OpenBSD contains encrypted passwords with the '2a' ID.

The C code is attached.

--
Added file: http://bugs.python.org/file17188/blf_crypt.c

___
Python tracker 
<http://bugs.python.org/issue8596>
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue8596] crypt blowfish 'ignores' salt

[pvo]

pvo  added the comment:

FreeBSD's crypt(3) doesn't explain the 'salt' for Blowfish crypt exactly. 
OpenBSD's crypt(3) says: "The Blowfish version of crypt has 128 bits of salt in 
order to make building dictionaries of common passwords space consuming."

I wrote a few lines of C code. Copied the salts from the output above to it and 
cryt()ed "test". The result differs:
$2a$05$/Ae.aeamG.O.../52uwMz3Q1WQSyWoWTy6zNndsrkAl2fnTn.

I hope I'll find some useful hints in the near future.

--
status: pending -> open

___
Python tracker 
<http://bugs.python.org/issue8596>
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue8596] crypt blowfish 'ignores' salt

[pvo]

New submission from pvo :

Blowfish crypt uses a 128 bit salt, not only the letters [./a-zA-Z0-9]. Despite 
the different salts, crypt ignores the salt and produces identical encrypted 
passwords.
The problem occurs on FreeBSD 7.2 with Python 2.5.5 (r255:77872) and Python 
2.6.4 (r264:7570) (both from the ports)

python2.6 crypt_blf.py 
 salt: '$2a$05$)O\x0e9\xb7\xb0\xc9\xd6)v.\xd3\x03\xea!\xc1$'
$2a$05$t59ktwmm7.WpI./5uuAazXv5nUvrWyN1EzMcL6/EQ0HrNyJwq
 salt: '$2a$05$\x1ak\x0c\xfbF\xf5\xdf\xb4\x99\xa6\x12\x81\x8d\xce\xea\x19$'
$2a$05$COgstwmm../5uuu63L/Vi1a/9FQpklC2BKZ74ai8JM2ey
 salt: '$2a$05$\x80:\x14\xbb\xc3R\x95\xb9\xcb\xf0#\x04\xbf"\xf7\xe9$'
$2a$05$COgstwmm../5uuu63L/Vi1a/9FQpklC2BKZ74ai8JM2ey
 salt: '$2a$05$i\x01 \x10\x13#\xe3\xdc\x80\x90[3\xd5@(\x96$'
$2a$05$COgstwmm../5uuu63L/Vi1a/9FQpklC2BKZ74ai8JM2ey
 salt: '$2a$05$<\xa8CY\xa6\x018\xe7\x0b}\x92\xd3\xa1L1\xfb$'
$2a$05$COgstwmm../5uuu63L/Vi1a/9FQpklC2BKZ74ai8JM2ey

--
components: Library (Lib)
files: crypt_blf.py
messages: 104768
nosy: pvo
priority: normal
severity: normal
status: open
title: crypt blowfish 'ignores' salt
type: behavior
versions: Python 2.5, Python 2.6
Added file: http://bugs.python.org/file17181/crypt_blf.py

___
Python tracker 
<http://bugs.python.org/issue8596>
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com