Changeset 25771 in project

01/05/12 23:07:12 (9 years ago)

Update crypt changelog

1 edited


  • wiki/eggref/4/crypt

    r25137 r25771  
    9090; {{$P$}} : MD5-based hash used by [[|PHPass - the Portable PHP password hashing framework]]
    9191; {{$H$}} : Same as above, but used by [[|PHPbb]] because, well, they're PHP developers. (I wonder if these developers are somehow related to the people working on APR...)
     92; {{$2x$}} : "compatibility" option for OpenWall's bcrypt implementation (used as fallback for bcrypt in this egg) to trigger old [[|buggy behavior that has a known vulnerability]], only to be used when comparing values produced by the old version.
     93; {{$2y$}} : "force correct algorithm" option for OpenWall's bcrypt implementation.  When passed {{$2a$}} normally bcrypt will sometimes fall back to the buggy algorithm, but in this egg it acts like {{$2y}} was passed.  This is done to ensure compatibility with the BSD implemetnation, which dictates the standard.  Currently there is no way to pass {{$2x$}} or {{$2y$}} to {{crypt}} even if the OpenWall version is used internally.  If you really need this, please contact me and I'll try to figure out a way to do it.
    9395=== Full API reference
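Review bot: In the added {{$2y$}} entry (new line 93) the prefix appears once as {{$2y}} without its closing "$", and "implemetnation" is misspelled. Both should be fixed so the prefix can be copied verbatim. The two added entries together say that {{$2x$}} exists only for comparing values produced by the old version and that {{$2x$}} cannot be passed to {{crypt}}. The text should therefore state outright that such old values cannot currently be compared through this API, instead of leaving readers to infer it.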
    328330=== Changelog
     332* trunk Update bcrypt fallback implementation to [[|OpenWall bcrypt]] 1.2, fixing [[|CVE-2011-2483]] (hashing passwords containing UTF or other characters with the high bit set produced bogus values).
    330333* 0.3 Allow for manually overriding the native crypt types (suggested by [[/users/mario-domenech-goulart|Mario Domenech Goulart]])
    331334* 0.2 Minor changes in previously undocumented API. Use an odd default number of rounds for extended DES algorithm.
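Review bot: The added trunk entry (new line 332) says "UTF", but its parenthetical describes any character with the high bit set. "Non-ASCII" or a named encoding would be more precise. The entry states that the previous fallback produced bogus values for such passwords, so it should also warn upgraders that hashes stored by the old fallback may no longer match after this update, and point to the {{$2x$}} and {{$2y$}} notes added in the same changeset.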