New submission from Hazem Amara :
I am having an issue with crypt library (Lib/crypt.py) when hashing passwords
containing \n character. I am using python 3.8.2 on Linux. To compare hashed
passwords produced by crypt, I used openssl and mkpasswd utilities.
When generating hashes for password without \n, crypt, openssl and mkpasswd
return the same result:
openssl passwd -6 -salt "saltySalt" "password"
$6$saltySalt$0zG/rneQmcu2mKFi/xXKF5WVH4ald6AlPTwnSRggVpyu7iRbq9buUmS5gD884iB1seAPw3UehNZ/b.jxL0g4Y/
mkpasswd -S "saltySalt" -m sha-512 "password"
$6$saltySalt$0zG/rneQmcu2mKFi/xXKF5WVH4ald6AlPTwnSRggVpyu7iRbq9buUmS5gD884iB1seAPw3UehNZ/b.jxL0g4Y/
python3 -c 'import crypt; print(crypt.crypt("password","$6$saltySalt"))'
$6$saltySalt$0zG/rneQmcu2mKFi/xXKF5WVH4ald6AlPTwnSRggVpyu7iRbq9buUmS5gD884iB1seAPw3UehNZ/b.jxL0g4Y/
But when generating hashes for passwords containing \n character, crypt returns
a result different from the result returned by openssl and mkpasswd:
openssl passwd -6 -salt "saltySalt" "password\n"
$6$saltySalt$v.6rXp74bIjKX42ufuY7/KWnngOAgFReenROiPODOQYzlRuE2NT4/Bgs8s4ULd3BgKNZQQ7i9GqlibMhRw2SV1
mkpasswd -S "saltySalt" -m sha-512 "password\n"
$6$saltySalt$v.6rXp74bIjKX42ufuY7/KWnngOAgFReenROiPODOQYzlRuE2NT4/Bgs8s4ULd3BgKNZQQ7i9GqlibMhRw2SV1
python3 -c 'import crypt; print(crypt.crypt("password\n","$6$saltySalt"))'
$6$saltySalt$hsmSR02RXIRP5U14cDo3wtwLCOD1Lb/9huWQEuJYRyatQjRjXmzYJI9rpfqys8ucIc.GbymuE3a5DVcLzSxn5/
I did not find a special mention for newline character in the documentation.
Thanks for your help.
--
components: Library (Lib)
messages: 377694
nosy: amarahzm
priority: normal
severity: normal
status: open
title: crypt produces wrong hashes for passwords containing newline character
versions: Python 3.8
___
Python tracker
<https://bugs.python.org/issue41890>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
