Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow to specify the number of rounds for SHA-* hashing in crypt #75883

Closed
serhiy-storchaka opened this issue Oct 5, 2017 · 5 comments
Closed

Allow to specify the number of rounds for SHA-* hashing in crypt #75883

serhiy-storchaka opened this issue Oct 5, 2017 · 5 comments
Labels
3.7 stdlib type-feature

Comments

@serhiy-storchaka
Copy link
Member

@serhiy-storchaka serhiy-storchaka commented Oct 5, 2017

BPO 31702
Nosy @gpshead, @pitrou, @vstinner, @tiran, @serhiy-storchaka, @dstufft
PRs
  • #4110
  • Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = None
    closed_at = <Date 2017-11-16.11:23:51.851>
    created_at = <Date 2017-10-05.12:32:51.925>
    labels = ['3.7', 'type-feature', 'library']
    title = 'Allow to specify the number of rounds for SHA-* hashing in crypt'
    updated_at = <Date 2017-11-16.11:23:51.850>
    user = 'https://github.com/serhiy-storchaka'

    bugs.python.org fields:

    activity = <Date 2017-11-16.11:23:51.850>
    actor = 'serhiy.storchaka'
    assignee = 'none'
    closed = True
    closed_date = <Date 2017-11-16.11:23:51.851>
    closer = 'serhiy.storchaka'
    components = ['Library (Lib)']
    creation = <Date 2017-10-05.12:32:51.925>
    creator = 'serhiy.storchaka'
    dependencies = []
    files = []
    hgrepos = []
    issue_num = 31702
    keywords = ['patch']
    message_count = 5.0
    messages = ['303760', '304942', '305002', '305013', '306352']
    nosy_count = 7.0
    nosy_names = ['gregory.p.smith', 'jafo', 'pitrou', 'vstinner', 'christian.heimes', 'serhiy.storchaka', 'dstufft']
    pr_nums = ['4110']
    priority = 'normal'
    resolution = 'fixed'
    stage = 'resolved'
    status = 'closed'
    superseder = None
    type = 'enhancement'
    url = 'https://bugs.python.org/issue31702'
    versions = ['Python 3.7']

    @serhiy-storchaka
    Copy link
    Member Author

    @serhiy-storchaka serhiy-storchaka commented Oct 5, 2017

    Blowfish salt should contain the binary logarithm of the number of rounds (from 4 to 31) (see bpo-31664). SHA-* salt can contain an explicit number of rounds in the form '$rounds={value}$'. It is bound to the range from 1000 to 999999999, the default is 5000.

    I propose to allow to specify the number of rounds in generated salt for SHA-* methods as well as for Blowfish. For unifying interface we can specify the number of rounds instead of its logarithm for Blowfish, and calculate the logarithm internally.

    The question is what to do with the value that is not a power of two for Blowfish. Should we raise an error or silently replace it with the upper power of two?

    @serhiy-storchaka serhiy-storchaka added 3.7 stdlib type-feature labels Oct 5, 2017
    @gpshead
    Copy link
    Member

    @gpshead gpshead commented Oct 24, 2017

    I'd raise a ValueError in that case.

    @serhiy-storchaka
    Copy link
    Member Author

    @serhiy-storchaka serhiy-storchaka commented Oct 25, 2017

    What to do with values outside of the valid range (2**4 to 2**31 for Blowfish, 1000 to 999999999 for SHA*). Raise ValueError, OverflowError, or bound it, or just generate an invalid salt and allow crypt() to handle it?

    @gpshead
    Copy link
    Member

    @gpshead gpshead commented Oct 25, 2017

    I'd stick with ValueError in that case as well. if someone dislikes the
    valueerrors because they _want_ to use an invalid one, they can file a bug
    and we'll reconsider only if they have a meaningful use case.

    On Wed, Oct 25, 2017 at 9:36 AM Serhiy Storchaka <report@bugs.python.org>
    wrote:

    Serhiy Storchaka <storchaka+cpython@gmail.com> added the comment:

    What to do with values outside of the valid range (2**4 to 2**31 for
    Blowfish, 1000 to 999999999 for SHA*). Raise ValueError, OverflowError, or
    bound it, or just generate an invalid salt and allow crypt() to handle it?

    ----------
    nosy: +haypo, pitrou


    Python tracker <report@bugs.python.org>
    <https://bugs.python.org/issue31702\>


    @serhiy-storchaka
    Copy link
    Member Author

    @serhiy-storchaka serhiy-storchaka commented Nov 16, 2017

    New changeset cede8c9 by Serhiy Storchaka in branch 'master':
    bpo-31702: Allow to specify rounds for SHA-2 hashing in crypt.mksalt(). (bpo-4110)
    cede8c9

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Labels
    3.7 stdlib type-feature
    Projects
    None yet
    Development

    No branches or pull requests

    2 participants