Fix password hashing for Python 3 #1016

Closed
wants to merge 1 commit into from

2 participants

Thomas Kluyver Fernando Perez
Thomas Kluyver
Collaborator

Correctly handle unicode for Python 3. This may also be needed if you want to use non-ascii characters in passwords with Python 2.

I considered pushing this straight to master, but I wanted to remind people how we're handling Python 3 compatibility. I've used cast_bytes on password, so it can be passed in either as bytes or unicode. The salt is generated in the native str type for each platform, so it goes through str_to_bytes, which is a no-op on Python 2.

I'll merge this tomorrow, unless anyone objects.
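The encoding handling described in this pull request, as an added example that is not IPython's code and not part of the original thread. `to_bytes` is a hypothetical stand-in for the `py3compat` helpers, `salt_len=12` is an assumed default, and the salt comes from `secrets` rather than the `random.getrandbits` call in the diff.

```python
import hashlib
import hmac
import secrets


def to_bytes(value, encoding):
    """Hypothetical helper: encode str, pass bytes through unchanged."""
    return value.encode(encoding) if isinstance(value, str) else value


def pre_patch_error(passphrase, salt):
    """Run the pre-patch expression; return the exception name, or None."""
    try:
        hashlib.new("sha1").update(passphrase + salt)
    except TypeError as exc:  # Python 3: str must be encoded before hashing
        return type(exc).__name__
    return None


def passwd(passphrase, algorithm="sha1", salt_len=12):
    """Return 'algorithm:salt:hexdigest', the stored format shown in the diff."""
    salt = secrets.token_hex(salt_len // 2)  # native str, hex characters only
    h = hashlib.new(algorithm)
    h.update(to_bytes(passphrase, "utf-8") + to_bytes(salt, "ascii"))
    return ":".join((algorithm, salt, h.hexdigest()))


def passwd_check(hashed_passphrase, passphrase):
    """Verify a passphrase given as str or UTF-8 bytes against a stored hash."""
    try:
        algorithm, salt, pw_digest = hashed_passphrase.split(":", 2)
        h = hashlib.new(algorithm)
    except ValueError:  # malformed record or unknown algorithm
        return False
    if len(pw_digest) == 0:
        return False
    h.update(to_bytes(passphrase, "utf-8") + to_bytes(salt, "ascii"))
    # Constant-time comparison on bytes, so non-ASCII stored digests cannot raise.
    return hmac.compare_digest(h.hexdigest().encode("ascii"),
                               pw_digest.encode("utf-8"))


if __name__ == "__main__":
    stored = passwd("p\u00e4ssword")  # constructed sample passphrase
    print(pre_patch_error("p\u00e4ssword", "abc"), stored)
    print(passwd_check(stored, "p\u00e4ssword".encode("utf-8")))
```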

Thomas Kluyver takluyver closed this pull request from a commit November 19, 2011
Thomas Kluyver Fix password hashing for Python 3
Rebased to avoid recursive merge; closes #1016.
9a89486
Thomas Kluyver takluyver closed this in 9a89486 November 19, 2011
Fernando Perez
Owner

Great, thanks!

Fernando Perez fperez referenced this pull request from a commit January 10, 2012
Commit has since been removed from the repository and is no longer available.

Showing 1 unique commit by 1 author.

Nov 19, 2011
Thomas Kluyver Fix password hashing for Python 3 be2cae7

Showing 1 changed file with 3 additions and 2 deletions.

  1. 5  IPython/lib/security.py
5  IPython/lib/security.py
@@ -12,6 +12,7 @@
12 12
 # Our own
13 13
 from IPython.core.error import UsageError
14 14
 from IPython.testing.skipdoctest import skip_doctest
  15
+from IPython.utils.py3compat import cast_bytes, str_to_bytes
15 16
 
16 17
 #-----------------------------------------------------------------------------
17 18
 # Globals
@@ -66,7 +67,7 @@ def passwd(passphrase=None, algorithm='sha1'):
66 67
 
67 68
     h = hashlib.new(algorithm)
68 69
     salt = ('%0' + str(salt_len) + 'x') % random.getrandbits(4 * salt_len)
69  
-    h.update(passphrase + salt)
  70
+    h.update(cast_bytes(passphrase, 'utf-8') + str_to_bytes(salt, 'ascii'))
70 71
 
71 72
     return ':'.join((algorithm, salt, h.hexdigest()))
72 73
 
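Review bot: the change touches only `IPython/lib/security.py` (1 changed file), so nothing tests the new `h.update(...)` line in `passwd` with a non-ASCII passphrase, or with bytes versus unicode input. A round-trip test through `passwd` and `passwd_check` for both input types would pin down the behaviour this PR is meant to fix. Separately, the context line above it builds the salt with `random.getrandbits`, which draws from Python's non-cryptographic generator; `random.SystemRandom().getrandbits(4 * salt_len)` is a drop-in replacement that uses the OS source.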
@@ -112,6 +113,6 @@ def passwd_check(hashed_passphrase, passphrase):
112 113
     if len(pw_digest) == 0:
113 114
         return False
114 115
 
115  
-    h.update(passphrase + salt)
  116
+    h.update(cast_bytes(passphrase, 'utf-8') + str_to_bytes(salt, 'ascii'))
116 117
 
117 118
     return h.hexdigest() == pw_digest
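Review bot: the new `h.update(...)` line in `passwd_check` is a character-for-character copy of the one in `passwd`, and the two must stay identical or stored hashes stop verifying. Moving the encode-and-concatenate step into one small helper used by both functions would keep them from drifting apart. The `return h.hexdigest() == pw_digest` line that follows compares with `==`, which is not constant-time; a constant-time comparison is preferable for digest checks.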