
2022-06-18

2022-06-18 11:59:39 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Crypto.Password: Fix support for Django-style pbkdf2_sha256.

168:   <dt class='head--doc'>Description</dt>   <dd class='body--doc'><p>Verify a password against a hash.</p>   <p> This function attempts to support most common -  password hashing schemes. The <code>hash</code> can be on any -  of the following formats.</p> +  password hashing schemes.</p> + </dd> + <dt class='head--doc'><span id='p-password'></span>Parameter <code class='parameter'>password</code></dt> + <dd></dd><dd class='body--doc'><p>Binary password. This is typically is typically a textual +  string normalized according to +  <code class='expr'>string_to_utf8(Unicode.normalize(raw_password,&nbsp;"NFC"))</code>, +  but some operating systems (eg MacOS X) may have other +  conventions.</p> + </dd> + <dt class='head--doc'><span id='p-hash'></span>Parameter <code class='parameter'>hash</code></dt> + <dd></dd><dd class='body--doc'><p>The <code>hash</code> can be on any of the following formats.</p>   <p> LDAP-style (<b><a href='http://pike.lysator.liu.se/rfc2307.xml'>RFC 2307</a></b>) hashes:</p>   <table class='box'><tr><td><code><code class='key'>"{SHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXX"</code></code></td><td><p>The <code class='expr'>XXX</code> string is taken to be a <code>MIME.encode_base64</code>    <code>SHA1</code> hash of the password. Source: OpenLDAP FAQ
263:    where the base hashing alorithm has been switched to <code>SHA256</code>.    This method is apparently used by some versions of Drupal.</p>   </td></tr> + <tr><td><code><code class='key'>"$pbkdf2$RRRRR$SSSSS$XXXXXXXXXXXXX"</code></code></td><td><p>The string is interpreted as <code>SHA1.crypt_pbkdf2()</code>.</p> + </td></tr> + <tr><td><code><code class='key'>"$pbkdf2-sha256$RRRRR$SSSSS$XXXXXXXXXXXXX"</code></code></td><td><p>The string is interpreted as <code>SHA256.crypt_pbkdf2()</code>.</p> + </td></tr> + <tr><td><code><code class='key'>"$pbkdf2-sha512$RRRRR$SSSSS$XXXXXXXXXXXXX"</code></code></td><td><p>The string is interpreted as <code>SHA512.crypt_pbkdf2()</code>.</p> + </td></tr> + <tr><td><code><code class='key'>"pbkdf2_sha256$RRRRR$SSSSS$XXXXXXXXXXXXX"</code></code></td><td><p>The string is interpreted as the Django variant of +  <code>SHA256.crypt_pbkdf2()</code>. This differs from the standard +  variant (<code class='expr'>"$pbkdf2-sha256$"</code>) in that the hash is +  encoded with plain <code>MIME.encode_base64()</code> (ie including +  padding (<code class='expr'>'='</code>) and plus (<code class='expr'>'+'</code>) characters).</p> + </td></tr>   <tr><td><code><code class='key'>"XXXXXXXXXXXXX"</code></code></td><td><p>The <code class='expr'>XXX</code> string (which doesn't begin with <code class='expr'>"{"</code>) is    taken to be a password hashed using the classic unix    <code class='expr'>crypt(3C)</code> function. If the string contains only chars
5266:   <dt class='head--type'><span class='homogen--type'>Method</span>   <span class='homogen--name'><b>crypt</b></span>   </dt> - <dd><p><code><code class='datatype'>string(8bit)</code> <b><span class='method'>crypt</span>(</b><code class='datatype'>string(8bit)</code> <code class='argument'>s</code><b>)</b></code></p></dd> + <dd><p><code><code class='datatype'>string(8bit)</code>|<code class='datatype'>zero</code> <b><span class='method'>crypt</span>(</b><code class='datatype'>string(8bit)</code> <code class='argument'>s</code><b>)</b></code></p></dd>      <dt class='head--doc'>Description</dt>   <dd class='body--doc'><p>Encrypt or decrypt depending on set mode.</p>
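Review bot: In the hunk at 168, the new text for the `password` parameter repeats a phrase ("This is typically is typically a textual string"); drop the duplicate in the source doc comment. The same paragraph says some operating systems "may have other conventions" without telling the caller what to do in that case. Since a password normalized one way when the hash was created and another way when it is verified will not match, the doc should state that the caller must apply the same normalization on both sides.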
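Review bot: In the hunk at 263, the new `"pbkdf2_sha256$RRRRR$SSSSS$XXXXXXXXXXXXX"` row documents only how the encoding of the hash field differs from `"$pbkdf2-sha256$"` and says nothing about the salt field `SSSSS`; state whether the salt is taken as-is or encoded the same way in both variants. This prefix also starts with neither "{" nor "$", while the fallback row right after it still describes a string that "doesn't begin with "{"" as a classic crypt(3C) hash, so that row's wording should exclude the new prefix or the doc should state the order in which formats are matched.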
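Review bot: In the hunk at 5266, the return type of `crypt` widens from `string(8bit)` to `string(8bit)|zero`, but the description is still only "Encrypt or decrypt depending on set mode." and never says when zero is returned. Add a Returns entry that names the condition, so callers know they have to check the result before using it as ciphertext or plaintext. This signature change is also not covered by the commit message, which mentions only Django-style pbkdf2_sha256, so it either belongs in a separate commit or deserves a line in the message.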