File: 1.5.rst

===========
Passlib 1.5
===========

.. _bcrypt-padding-issue:

**1.5.3** (2011-10-08)
======================

    Bugfix release -- fixes BCrypt padding/verification issue (:issue:`25`)

    This release fixes a single issue with Passlib's BCrypt support: Many
    BCrypt hashes generated by Passlib (<= 1.5.2) will not successfully verify
    under some of the other BCrypt implementations, such as OpenBSD's
    ``/etc/master.passwd``.

    *In detail:*

        BCrypt hashes contain 4 "padding" bits in the encoded salt, and Passlib
        (<= 1.5.2) generated salts in a manner which frequently set some of the
        padding bits to 1.  While Passlib ignores these bits, many BCrypt
        implementations perform password verification in a way which rejects
        *all* passwords if any of the padding bits are set.  Thus Passlib's
        BCrypt salt generation needed to be fixed to ensure compatibility,
        and a route provided to correct existing hashes already out in the wild
        :issue:`25`.

    *Changes in this release:*

    .. currentmodule:: passlib.context

    * BCrypt hashes generated by Passlib now have all padding bits cleared.

    * Passlib will continue to accept BCrypt hashes that have padding bits
      set, but when it encounters them, it will issue a :exc:`UserWarning`
      recommending that the hash should be fixed (see below).

    * Applications which use :meth:`CryptContext.verify_and_update` will
      have any such hashes automatically re-encoded the next time the user
      logs in.

    *To fix existing hashes:*

        If you have BCrypt hashes which might have their padding bits set,
        you can import :class:`!passlib.hash.bcrypt`, and
        call ``clean_hash = bcrypt.normhash(hash)``.
        This function will clear the padding bits of any BCrypt hashes,
        and should leave all other strings alone.
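
The padding-bit check described above can be run over stored hashes without importing Passlib. The following is an added example, not Passlib's own ``normhash`` code; the function names and the sample hashes (constructed strings, not real digests) are assumptions made for illustration.

```python
import re

# bcrypt's own base64 alphabet (ordering differs from RFC 4648).
BCRYPT_CHARS = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"

# ident + 2-digit cost + 21 salt chars + final salt char + optional 31-char checksum
_BCRYPT_RE = re.compile(
    r"(\$2[abxy]?\$\d{2}\$)([./A-Za-z0-9]{21})([./A-Za-z0-9])([./A-Za-z0-9]{31})?"
)


def padding_bits(hash_str):
    """Return the salt's 4 padding bits (0 = clean), or None if not a bcrypt hash."""
    m = _BCRYPT_RE.fullmatch(hash_str)
    if m is None:
        return None
    # 22 chars * 6 bits = 132 bits for a 128-bit salt, so the low 4 bits
    # of the 22nd character carry no salt data.
    return BCRYPT_CHARS.index(m.group(3)) & 0x0F


def clear_padding(hash_str):
    """Zero the padding bits of a bcrypt hash; return other strings unchanged."""
    m = _BCRYPT_RE.fullmatch(hash_str)
    if m is None:
        return hash_str
    prefix, body, last, checksum = m.groups()
    # Keep only the top 2 bits of the final salt character (the real salt data).
    fixed = BCRYPT_CHARS[BCRYPT_CHARS.index(last) & 0x30]
    return prefix + body + fixed + (checksum or "")


def audit(hashes):
    """Return the subset of hashes that other implementations may reject."""
    return [h for h in hashes if padding_bits(h)]


# Constructed samples: placeholder salt and checksum, for layout only.
DIRTY = "$2a$12$" + "abcdefghijklmnopqrstu" + "z" + "x" * 31
CLEAN = "$2a$12$" + "abcdefghijklmnopqrstu" + "u" + "x" * 31
OTHER = "$1$constructed$notbcrypt"

if __name__ == "__main__":
    for h in audit([DIRTY, CLEAN, OTHER]):
        print("needs fixing:", h, "->", clear_padding(h))
```

After clearing, the final salt character is always one of ``.``, ``O``, ``e`` or ``u``, which makes affected rows easy to spot in a credential table.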

**1.5.2** (2011-09-19)
======================

    Minor bugfix release -- mainly Django-related fixes

    Hashes

        .. currentmodule:: passlib.hash

        * *bugfix:* :class:`django_des_crypt` now accepts all
          :data:`hash64 <passlib.utils.binary.h64>` characters in its salts;
          previously it accepted only lower-case hexadecimal characters (:issue:`22`).

        * Additional unittests added for all
          standard :doc:`Django hashes </lib/passlib.hash.django_std>`.

        * :class:`django_des_crypt` now rejects hashes where the salt and
          checksum contain mismatched salt characters.

    CryptContext

        .. currentmodule:: passlib.context

        * *bugfix:* fixed exception in :meth:`CryptPolicy.iter_config`
          that occurred when iterating over deprecation options.

        * Added documentation for the (mistakenly undocumented)
          :meth:`CryptContext.verify_and_update` method.

**1.5.1** (2011-08-17)
======================

    Minor bugfix release -- now compatible with Google App Engine.

    * *bugfix:* make ``passlib.hash.__loader__`` attribute writable -
      needed by Google App Engine (GAE) :issue:`19`.

    * *bugfix:* provide fallback for loading ``passlib/default.cfg``
      if :mod:`pkg_resources` is not present, such as for GAE :issue:`19`.

    * *bugfix:* fixed error thrown by CryptContext.verify
      when issuing min_verify_time warning :issue:`17`.

    * removed min_verify_time setting from custom_app_context,
      min_verify_time is too host & load dependent to be hardcoded :issue:`17`.

    * under GAE, disable all unittests which require writing to filesystem.

    * more unittest coverage for :mod:`passlib.apps` and :mod:`passlib.hosts`.

    * improved version datestamps in build script.

**1.5.0** (2011-07-11)
======================

*"20% more unicode than the leading breakfast cereal"*

The main new feature in this release is that
Passlib now supports Python 3 (via the 2to3 tool).
Everything has been recoded to have better separation
between unicode and bytes, and to use unicode internally
where possible.
When run under Python 2, Passlib 1.5 attempts
to provide the same behavior as Passlib 1.4;
but when run under Python 3, most functions
will return unicode instead of ascii bytes.

Besides this major change, there have
been some other additions:

Hashes
------

    * added support for Cryptacular's PBKDF2 format.
    * added support for the FSHP family of hashes.
    * added support for using BCryptor as BCrypt backend.
    * added support for all of Django's hash formats.

CryptContext
------------

    .. currentmodule:: passlib.context

    * interpolation deprecation:

      :meth:`CryptPolicy.from_path` and :meth:`CryptPolicy.from_string`
      now use :class:`!SafeConfigParser` instead of :class:`!ConfigParser`.
      This may cause some existing config files containing unescaped ``%``
      to result in errors; Passlib 1.5 will demote these to warnings,
      but any extant config files should be updated,
      as the errors will be fatal in Passlib 1.6.

    * added encoding keyword to :class:`!CryptPolicy`'s
      :meth:`!.from_path()`, :meth:`!.from_string`,
      and :meth:`!.to_string` methods.

    * both classes in :mod:`passlib.apache`
      now support specifying an encoding for the username/realm.

Documentation
-------------

    * Password Hash API expanded to include explicit
      :ref:`unicode vs bytes policy <hash-unicode-behavior>`.
    * Added quickstart guide to documentation.
    * Various minor improvements.

Internal Changes
----------------

    * Added more handler utility functions to reduce code duplication.
    * Expanded kdf helpers in :mod:`!passlib.utils.pbkdf2`.
    * Removed deprecated parts of :mod:`passlib.utils.handlers`.
    * Various minor changes to
      :class:`passlib.utils.handlers.HasManyBackends`;
      main change is that multi-backend handlers now raise
      :exc:`~passlib.exc.MissingBackendError`
      if no backends are available.

    * Builtin tests now use :mod:`!unittest2` if available.
    * Setup script no longer requires distribute or setuptools.
    * added (undocumented, experimental) Django app
      for overriding Django's default hash format,
      see ``docs/lib/passlib.ext.django.rst`` for more.