django_des_crypt has wrong salt_chars

Issue #22 resolved
Eli Collins repo owner created an issue
(Imported from Google Code)

As reported by David Eyk , the following django_des_crypt hash gets rejected:

Password: foo
> Salt: MN
> Hash: crypt$MNVY.9ajgdvDQ$MNVY.9ajgdvDQ

It looks like (as of v1.5) that django_des_crypt has the wrong salt_chars value - it inherited the value LC_HEX_CHARS from the other django hashes, when it should have been set to H64_CHARS. A fix should be simple, and the above hash added as a test vector, but a more thorough review of the django hashes should be done first to ensure nothing else slipped through before the bugfix is released.

In the meantime, the following monkeypatch fixes the issue:

from passlib.utils.handlers import H64_CHARS

from passlib.hash import django_des_crypt

django_des_crypt.salt_chars = H64_CHARS

Comments (1)

  1. Log in to comment