Esempio n. 1
0
 def os_supports_ident(self, hash):
     "check if OS crypt is expected to support given ident"
     if hash is None:
         return True
     # most OSes won't support 2x/2y
     # XXX: definitely not the BSDs, but what about the linux variants?
     from passlib.handlers.bcrypt import IDENT_2X, IDENT_2Y
     if hash.startswith(IDENT_2X) or hash.startswith(IDENT_2Y):
         return False
     return True
 def os_supports_ident(self, hash):
     "check if OS crypt is expected to support given ident"
     if hash is None:
         return True
     # most OSes won't support 2x/2y
     # XXX: definitely not the BSDs, but what about the linux variants?
     from passlib.handlers.bcrypt import IDENT_2X, IDENT_2Y
     if hash.startswith(IDENT_2X) or hash.startswith(IDENT_2Y):
         return False
     return True
 def os_supports_ident(self, hash):
     """check if OS crypt is expected to support given ident"""
     if hash is None:
         return True
     # most OSes won't support 2x/2y
     # XXX: definitely not the BSDs, but what about the linux variants?
     # XXX: replace this all with 'handler._lacks_2{x}_support' feature detection?
     #      could even just do call to safe_crypt(ident + salt) and see what we get
     from passlib.handlers.bcrypt import IDENT_2X, IDENT_2Y
     if hash.startswith(IDENT_2X) or hash.startswith(IDENT_2Y):
         return False
     return True
 def check_bcryptor(secret, hash):
     "bcryptor"
     secret = to_native_str(secret, self.fuzz_password_encoding)
     if hash.startswith(IDENT_2Y):
         hash = IDENT_2A + hash[4:]
     elif hash.startswith(IDENT_2):
         # bcryptor doesn't support $2$ hashes; but we can fake it
         # using the $2a$ algorithm, by repeating the password until
         # it's 72 chars in length.
         hash = IDENT_2A + hash[3:]
         if secret:
             secret = repeat_string(secret, 72)
     return Engine(False).hash_key(secret, hash) == hash
Esempio n. 5
0
 def check_bcryptor(secret, hash):
     """bcryptor"""
     secret = to_native_str(secret, self.FuzzHashGenerator.password_encoding)
     if hash.startswith((IDENT_2B, IDENT_2Y)):
         hash = IDENT_2A + hash[4:]
     elif hash.startswith(IDENT_2):
         # bcryptor doesn't support $2$ hashes; but we can fake it
         # using the $2a$ algorithm, by repeating the password until
         # it's 72 chars in length.
         hash = IDENT_2A + hash[3:]
         if secret:
             secret = repeat_string(secret, 72)
     return Engine(False).hash_key(secret, hash) == hash
Esempio n. 6
0
 def verify_django(secret, hash):
     """django/check_password"""
     if self.handler.name == "django_bcrypt" and hash.startswith(
             "bcrypt$$2y$"):
         hash = hash.replace("$$2y$", "$$2a$")
     if isinstance(secret, bytes):
         secret = secret.decode("utf-8")
     return check_password(secret, hash)
 def check_bcrypt(secret, hash):
     """bcrypt"""
     secret = to_bytes(secret, self.fuzz_password_encoding)
     if hash.startswith(IDENT_2B):
         # bcrypt <1.1 lacks 2b support
         hash = IDENT_2A + hash[4:]
     elif hash.startswith(IDENT_2):
         # bcrypt doesn't support $2$ hashes; but we can fake it
         # using the $2a$ algorithm, by repeating the password until
         # it's 72 chars in length.
         hash = IDENT_2A + hash[3:]
         if secret:
             secret = repeat_string(secret, 72)
     hash = to_bytes(hash)
     try:
         return bcrypt.hashpw(secret, hash) == hash
     except ValueError:
         raise ValueError("bcrypt rejected hash: %r (secret=%r)" % (hash, secret))
 def check_pybcrypt(secret, hash):
     "pybcrypt"
     secret = to_native_str(secret, self.fuzz_password_encoding)
     if hash.startswith(IDENT_2Y):
         hash = IDENT_2A + hash[4:]
     try:
         return bcrypt.hashpw(secret, hash) == hash
     except ValueError:
         raise ValueError("py-bcrypt rejected hash: %r" % (hash, ))
Esempio n. 9
0
 def check_pybcrypt(secret, hash):
     "pybcrypt"
     secret = to_native_str(secret, self.fuzz_password_encoding)
     if hash.startswith(IDENT_2Y):
         hash = IDENT_2A + hash[4:]
     try:
         return bcrypt.hashpw(secret, hash) == hash
     except ValueError:
         raise ValueError("py-bcrypt rejected hash: %r" % (hash,))
Esempio n. 10
0
 def verify_django(secret, hash):
     """django/check_password"""
     if self.handler.name == "django_bcrypt" and hash.startswith("bcrypt$$2y$"):
         hash = hash.replace("$$2y$", "$$2a$")
     if self.django_has_encoding_glitch and isinstance(secret, bytes):
         # e.g. unsalted_md5 on 1.5 and higher try to combine
         # salt + password before encoding to bytes, leading to ascii error.
         # this works around that issue.
         secret = secret.decode("utf-8")
     return check_password(secret, hash)
 def check_pybcrypt(secret, hash):
     """pybcrypt"""
     secret = to_native_str(secret, self.fuzz_password_encoding)
     if len(secret) > 200:  # vulnerable to wraparound bug
         secret = secret[:200]
     if hash.startswith((IDENT_2B, IDENT_2Y)):
         hash = IDENT_2A + hash[4:]
     try:
         return bcrypt.hashpw(secret, hash) == hash
     except ValueError:
         raise ValueError("py-bcrypt rejected hash: %r" % (hash,))
Esempio n. 12
0
 def check_bcrypt(secret, hash):
     """bcrypt"""
     secret = to_bytes(secret, self.FuzzHashGenerator.password_encoding)
     if hash.startswith(IDENT_2B):
         # bcrypt <1.1 lacks 2B support
         hash = IDENT_2A + hash[4:]
     elif hash.startswith(IDENT_2):
         # bcrypt doesn't support $2$ hashes; but we can fake it
         # using the $2a$ algorithm, by repeating the password until
         # it's 72 chars in length.
         hash = IDENT_2A + hash[3:]
         if secret:
             secret = repeat_string(secret, 72)
     elif hash.startswith(IDENT_2Y) and bcrypt.__version__ == "3.0.0":
         hash = IDENT_2B + hash[4:]
     hash = to_bytes(hash)
     try:
         return bcrypt.hashpw(secret, hash) == hash
     except ValueError:
         raise ValueError("bcrypt rejected hash: %r (secret=%r)" %
                          (hash, secret))
Esempio n. 13
0
 def verify_django(secret, hash):
     """django/check_password"""
     if (1,4) <= DJANGO_VERSION < (1,6) and not secret:
         return "skip"
     if self.handler.name == "django_bcrypt" and hash.startswith("bcrypt$$2y$"):
         hash = hash.replace("$$2y$", "$$2a$")
     if DJANGO_VERSION >= (1,5) and self.django_has_encoding_glitch and isinstance(secret, bytes):
         # e.g. unsalted_md5 on 1.5 and higher try to combine
         # salt + password before encoding to bytes, leading to ascii error.
         # this works around that issue.
         secret = secret.decode("utf-8")
     return check_password(secret, hash)
Esempio n. 14
0
 def check_pybcrypt(secret, hash):
     """pybcrypt"""
     secret = to_native_str(secret,
                            self.FuzzHashGenerator.password_encoding)
     if len(secret) > 200:  # vulnerable to wraparound bug
         secret = secret[:200]
     if hash.startswith((IDENT_2B, IDENT_2Y)):
         hash = IDENT_2A + hash[4:]
     try:
         if lock:
             with lock:
                 return bcrypt_mod.hashpw(secret, hash) == hash
         else:
             return bcrypt_mod.hashpw(secret, hash) == hash
     except ValueError:
         raise ValueError("py-bcrypt rejected hash: %r" % (hash, ))
Esempio n. 15
0
 def check_bcrypt(secret, hash):
     "bcrypt"
     secret = to_bytes(secret, self.fuzz_password_encoding)
     #if hash.startswith(IDENT_2Y):
     #    hash = IDENT_2A + hash[4:]
     if hash.startswith(IDENT_2):
         # bcryptor doesn't support $2$ hashes; but we can fake it
         # using the $2a$ algorithm, by repeating the password until
         # it's 72 chars in length.
         hash = IDENT_2A + hash[3:]
         if secret:
             secret = repeat_string(secret, 72)
     hash = to_bytes(hash)
     try:
         return bcrypt.hashpw(secret, hash) == hash
     except ValueError:
         raise ValueError("bcrypt rejected hash: %r" % (hash, ))
Esempio n. 16
0
 def check_padding(hash):
     assert hash.startswith(("$2a$", "$2b$")) and len(hash) >= 28, \
         "unexpectedly malformed hash: %r" % (hash,)
     self.assertTrue(hash[28] in '.Oeu',
                     "unused bits incorrectly set in hash: %r" % (hash,))
Esempio n. 17
0
 def check_padding(hash):
     assert hash.startswith("$2a$") and len(hash) >= 28
     self.assertTrue(
         hash[28] in '.Oeu',
         "unused bits incorrectly set in hash: %r" % (hash, ))
Esempio n. 18
0
 def check_padding(hash):
     assert hash.startswith(("$2a$", "$2b$")) and len(hash) >= 28, \
         "unexpectedly malformed hash: %r" % (hash,)
     self.assertTrue(
         hash[28] in '.Oeu',
         "unused bits incorrectly set in hash: %r" % (hash, ))
Esempio n. 19
0
 def check_padding(hash):
     "check bcrypt hash doesn't have salt padding bits set"
     assert hash.startswith("$2a$") and len(hash) >= 28
     self.assertTrue(hash[28] in BSLAST,
                     "padding bits set in hash: %r" % (hash,))
Esempio n. 20
0
 def check_padding(hash):
     assert hash.startswith("$2a$") and len(hash) >= 28
     self.assertTrue(hash[28] in ".Oeu", "unused bits incorrectly set in hash: %r" % (hash,))
Esempio n. 21
0
 def check_padding(hash):
     "check bcrypt hash doesn't have salt padding bits set"
     assert hash.startswith("$2a$") and len(hash) >= 28
     self.assertTrue(hash[28] in BSLAST,
                     "padding bits set in hash: %r" % (hash, ))