notebook -- evidently only the first 6 characters are significant??? #7670

Closed
williamstein opened this issue Dec 12, 2009 · 4 comments

@williamstein

Hi,

There is a password issue with sage notebook account. Please read below:

Sameer

On Fri, Dec 11, 2009 at 1:22 PM, Sameer Regmi <> wrote:
> On Fri, Dec 11, 2009 at 1:16 PM, Ondrej Certik <> wrote:
>> On Fri, Dec 11, 2009 at 1:12 PM, Sameer <> wrote:
>>> Hi, I have found a weird issue with FEMhub online lab account. Let's
>>> say my password is "nevada". Then whenever I enter any text (in
>>> password field) with nevada as the prefix it will log in. That means if
>>> I enter nevada123 (or whatever as the suffix) it will
>>> log in.
>>
>> Seems like a bug in the Sage notebook. Could you please try to verify
>> this against sagenb.org and if the problem is in there as well,
>> could you please report it to the sage notebook list?
>
> Exactly! It's the bug in Sage notebook. The issue is there in sagenb.org too.
> I can even log in with "nevad" if the password is nevada. I am
> reporting to sage notebook list
>
> Sameer

Component: notebook

Reviewer: Karl-Dieter Crisman

Issue created by migration from https://trac.sagemath.org/ticket/7670

@williamstein williamstein added this to the sage-5.11 milestone Dec 12, 2009
@williamstein williamstein self-assigned this Dec 12, 2009
@qed777

qed777 mannequin commented Dec 12, 2009

comment:1

Could the problem be sagenb.notebook.user.User's use of crypt:

```python
>>> import crypt
>>> crypt.crypt('abcdefgh', 'aa')
'aaHHlPHAM4sjs'
>>> crypt.crypt('abcdefghi', 'aa')
'aaHHlPHAM4sjs'
```

?

@qed777

qed777 mannequin commented Dec 12, 2009

comment:2

But crypt supports whatever the OS's underlying crypt(3) supports. We could instead do, e.g.,

```python
>>> import crypt as c, random as r
>>> salt = repr(r.random())[2:]
>>> salt
'77551456940940877'
>>> c.crypt('abcdefgh', '$6$' + salt + '$')
'$6$7755145694094087$uW0RGjvJG3I.BDFKIAieUTPZkD4IGI6b8RtLt1fZ9czR0TefjriLwRGPItgPyZogDFsy.YorN24v2GM4YrBwK0'
>>> c.crypt('abcdefghi', '$6$' + salt + '$')
'$6$7755145694094087$txEQuYAJlZ.042gqmPTeLSczXBv1sI6kSjzpbmU7o89rh.Tk7qUGHhLHtL1GIrVXmUdFrQBuIefktTTptuEq31'
```

If Linux and Mac OS X, at least, both support SHA-512, I suggest we use it by default. Should we generate each user's pseudo-random "salt" --- used to avoid clustering --- differently than above?
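
An added example, not code from this thread or from sagenb: it flags stored hashes in the traditional DES crypt(3) format shown in comment:1 and hashes the whole password with a salt drawn from the OS CSPRNG. It swaps in PBKDF2-HMAC-SHA512 from `hashlib` for the `$6$` crypt scheme proposed in comment:2, so it does not depend on the platform's crypt(3); the function names, the `pbkdf2-sha512$...` storage format and the iteration count are assumptions.

```python
import hashlib
import hmac
import re
import secrets

# Traditional DES crypt(3): 2 salt chars + 11 hash chars, no "$" prefix.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")
MODULAR_IDS = {"1": "md5", "5": "sha256", "6": "sha512"}


def crypt_scheme(stored):
    """Classify a crypt(3)-style hash string by its format alone."""
    if DES_CRYPT.fullmatch(stored):
        return "des"
    m = re.match(r"\$([0-9a-z]+)\$", stored)
    return MODULAR_IDS.get(m.group(1), "unknown") if m else "unknown"


def needs_rehash(stored):
    """DES crypt ignores everything after the 8th password character."""
    return crypt_scheme(stored) == "des"


def hash_password(password, iterations=210_000):
    """Hash the whole password with a fresh 16-byte salt from the OS CSPRNG."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    return "pbkdf2-sha512${}${}${}".format(iterations, salt.hex(), dk.hex())


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2-sha512":
        return False  # legacy or malformed record: never treat as a match
    _, iterations, salt_hex, dk_hex = parts
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


if __name__ == "__main__":
    # Hash strings from comment:1 and comment:2 (the $6$ one cut to its prefix).
    for h in ("aaHHlPHAM4sjs", "$6$7755145694094087$"):
        print(h, crypt_scheme(h), "rehash" if needs_rehash(h) else "ok")
    stored = hash_password("nevada")  # password from the report
    for guess in ("nevada", "nevada123", "nevad"):
        print(guess, verify_password(guess, stored))
```

Records flagged by `needs_rehash` can only be upgraded at the user's next successful login, since the full password is not recoverable from the stored hash.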

@jdemeyer jdemeyer modified the milestones: sage-5.11, sage-5.12 Aug 13, 2013
@sagetrac-vbraun-spam sagetrac-vbraun-spam mannequin modified the milestones: sage-6.1, sage-6.2 Jan 30, 2014
@sagetrac-vbraun-spam sagetrac-vbraun-spam mannequin modified the milestones: sage-6.2, sage-6.3 May 6, 2014
@sagetrac-vbraun-spam sagetrac-vbraun-spam mannequin modified the milestones: sage-6.3, sage-6.4 Aug 10, 2014
@kcrisman

Reviewer: Karl-Dieter Crisman

@kcrisman

comment:7

I cannot replicate this, and it is so old I am going to ask to close this.
