Fix password hashing for Python 3 #1016

Closed

@takluyver
Owner

Correctly handle unicode for Python 3. This may also be needed if you want to use non-ascii characters in passwords with Python 2.

I considered pushing this straight to master, but I wanted to remind people how we're handling Python 3 compatibility. I've used cast_bytes on password, so it can be passed in either as bytes or unicode. The salt is generated in the native str type for each platform, so it goes through str_to_bytes, which is a no-op on Python 2.

I'll merge this tomorrow, unless anyone objects.

@takluyver takluyver closed this pull request from a commit
@takluyver takluyver Fix password hashing for Python 3
Rebased to avoid recursive merge; closes #1016.
9a89486
@takluyver takluyver closed this in 9a89486
@fperez
Owner

Great, thanks!

@fperez fperez referenced this pull request from a commit
Commit has since been removed from the repository and is no longer available.
@mattvonrocketstein mattvonrocketstein referenced this pull request from a commit in mattvonrocketstein/ipython
@takluyver takluyver Fix password hashing for Python 3
Rebased to avoid recursive merge; closes #1016.
56be6d1
Commits on Nov 19, 2011
  1. @takluyver
Showing with 3 additions and 2 deletions.
  1. +3 −2 IPython/lib/security.py
5 IPython/lib/security.py
@@ -12,6 +12,7 @@
# Our own
from IPython.core.error import UsageError
from IPython.testing.skipdoctest import skip_doctest
+from IPython.utils.py3compat import cast_bytes, str_to_bytes
#-----------------------------------------------------------------------------
# Globals
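Review bot: The added py3compat import pulls in two helpers with different input contracts, and nothing near it says which one applies to which value. A short comment stating that cast_bytes is for the passphrase (bytes or text accepted) and str_to_bytes is for the salt (always the native str type) would keep a later edit from swapping them.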
@@ -66,7 +67,7 @@ def passwd(passphrase=None, algorithm='sha1'):
h = hashlib.new(algorithm)
salt = ('%0' + str(salt_len) + 'x') % random.getrandbits(4 * salt_len)
- h.update(passphrase + salt)
+ h.update(cast_bytes(passphrase, 'utf-8') + str_to_bytes(salt, 'ascii'))
return ':'.join((algorithm, salt, h.hexdigest()))
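Review bot: In the changed h.update line, cast_bytes only encodes text, so a passphrase that arrives as bytes is hashed as given; the same passphrase supplied once as unicode and once as bytes in a non-UTF-8 encoding will produce different digests. State in the passwd docstring that byte passphrases are assumed to be UTF-8, or decode and re-encode them explicitly. Separately, the context line above still draws the salt from random.getrandbits, which is not a cryptographic generator; random.SystemRandom().getrandbits or os.urandom would be the safer source.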
@@ -112,6 +113,6 @@ def passwd_check(hashed_passphrase, passphrase):
if len(pw_digest) == 0:
return False
- h.update(passphrase + salt)
+ h.update(cast_bytes(passphrase, 'utf-8') + str_to_bytes(salt, 'ascii'))
return h.hexdigest() == pw_digest
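Review bot: The final context line, return h.hexdigest() == pw_digest, compares the digests with ==, which can stop at the first differing character and so is not constant-time; a constant-time comparison is the safer choice for a password check. The encode expression is also now duplicated between passwd and passwd_check, so a small shared helper would stop the two from drifting apart, since any mismatch between them makes every check fail.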