Changeset 25771 in project


Timestamp:
01/05/12 23:07:12 (9 years ago)
Author:
sjamaan
Message:

Update crypt changelog

File:
1 edited

  • wiki/eggref/4/crypt

    r25137 r25771  
    9090; {{$P$}} : MD5-based hash used by [[http://www.openwall.com/phpass/|PHPass - the Portable PHP password hashing framework]]
    9191; {{$H$}} : Same as above, but used by [[http://area51.phpbb.com/docs/code/30x/phpbb3/package-functions.html#phpbb_hash()|PHPbb]] because, well, they're PHP developers. (I wonder if these developers are somehow related to the people working on APR...)
     92; {{$2x$}} : "compatibility" option for OpenWall's bcrypt implementation (used as fallback for bcrypt in this egg) to trigger old [[http://www.openwall.com/lists/oss-security/2011/06/20/2|buggy behavior that has a known vulnerability]], only to be used when comparing values produced by the old version.
     93; {{$2y$}} : "force correct algorithm" option for OpenWall's bcrypt implementation.  When passed {{$2a$}} normally bcrypt will sometimes fall back to the buggy algorithm, but in this egg it acts like {{$2y}} was passed.  This is done to ensure compatibility with the BSD implemetnation, which dictates the standard.  Currently there is no way to pass {{$2x$}} or {{$2y$}} to {{crypt}} even if the OpenWall version is used internally.  If you really need this, please contact me and I'll try to figure out a way to do it.
    9294
    9395=== Full API reference
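Review bot: On the added `{{$2y$}}` line, the second mention is written `{{$2y}}` without the trailing `$`, unlike every other prefix in this list, and "implemetnation" should read "implementation". The same line says bcrypt given `{{$2a$}}` will "sometimes" fall back to the buggy algorithm without saying under what condition; state the condition or drop the clause, because a reader trying to judge whether stored hashes are affected has nothing to go on. The changeset message says only "Update crypt changelog", although this hunk adds documentation for two prefixes.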
     
    328330=== Changelog
    329331
     332* trunk Update bcrypt fallback implementation to [[http://www.openwall.org/crypt|OpenWall bcrypt]] 1.2, fixing [[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483|CVE-2011-2483]] (hashing passwords containing UTF or other characters with the high bit set produced bogus values).
    330333* 0.3 Allow for manually overriding the native crypt types (suggested by [[/users/mario-domenech-goulart|Mario Domenech Goulart]])
    331334* 0.2 Minor changes in previously undocumented API. Use an odd default number of rounds for extended DES algorithm.
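Review bot: The new trunk entry states the fix but not its upgrade consequence. The prefix documentation added in this same changeset says `{{$2a$}}` acts like `{{$2y$}}` in this egg and that `{{$2x$}}` cannot be passed to `{{crypt}}`, so hashes the old fallback produced for passwords with high-bit characters have no way to be compared through `{{crypt}}`. Suggest adding a sentence on that to the entry, with a pointer to the `{{$2x$}}` / `{{$2y$}}` description. "UTF" also names no specific encoding; "non-ASCII" would match the "high bit set" wording that follows it.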