New submission from pvo:
Blowfish crypt uses a 128 bit salt, not only the letters [./a-zA-Z0-9]. Despite
the different salts, crypt ignores the salt and produces identical encrypted
passwords.
The problem occurs on FreeBSD 7.2 with Python 2.5.5 (r255:77872) and Python
2.6.4 (r264:7570) (both
pvo added the comment:
FreeBSD's crypt(3) doesn't explain the 'salt' for Blowfish crypt exactly.
OpenBSD's crypt(3) says: "The Blowfish version of crypt has 128 bits of salt in
order to make building dictionaries of common passwords space consuming."
I wrot
pvo added the comment:
$2a$12$saltysalt$ignored
 ^  ^  ^         ^
 |  |  |         \_ignored
 |  |  \_the salt
 |  \_number of rounds (04-31)
 \_ crypt id
About the crypt id:
I read too much Blowfish crypt related stuff in the past two days. Can't
remember exactly the difference be
pvo added the comment:
OpenBSD's crypt(3) mentions some bcrypt*() functions. One of these functions is
"char * bcrypt_gensalt(u_int8_t log_rounds)". It produces salts like:
$2a$04$7.zkQ.HPURlplcFTWgDL3u or $2a$04$l2SuIEWPqF4D3uMTABgBYO
Passing these salts to Python's cr
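
Added example, not part of the tracker thread or of CPython: a Python check that a `$2a$` setting string carries a full 128-bit salt in the layout of the bcrypt_gensalt output quoted above, plus a regression check that a crypt implementation actually honours the salt. `parse_bcrypt_setting`, `salt_is_honoured` and the `crypt_fn` callable are hypothetical names; the code assumes the standard bcrypt layout of 22 radix-64 characters encoding the 16 salt bytes.

```python
import base64
import re

# bcrypt's radix-64 alphabet: same bit order as RFC 4648 base64, other symbols.
BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
STD_B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
TO_STD = str.maketrans(BCRYPT_B64, STD_B64)
SALT_CHARS = 22  # 22 * 6 = 132 bits, enough to hold the 128-bit salt


def parse_bcrypt_setting(setting):
    """Return (crypt_id, log_rounds, salt_bytes); raise ValueError if malformed."""
    m = re.match(r"\$(2a)\$(\d{2})\$(.*)\Z", setting, re.S)
    if m is None:
        raise ValueError("not of the form $2a$NN$<salt>")
    rounds, rest = int(m.group(2)), m.group(3)
    if not 4 <= rounds <= 31:
        raise ValueError("log_rounds %d outside 04-31" % rounds)
    if len(rest) < SALT_CHARS:
        raise ValueError("only %d chars after the rounds field" % len(rest))
    salt = rest[:SALT_CHARS]
    bad = sorted(set(salt) - set(BCRYPT_B64))
    if bad:
        raise ValueError("salt has characters outside [./A-Za-z0-9]: %r" % bad)
    # 22 chars + "==" padding decode to exactly 16 bytes.
    return m.group(1), rounds, base64.b64decode(salt.translate(TO_STD) + "==")


def salt_is_honoured(crypt_fn, password, setting_a, setting_b):
    """True if crypt_fn(password, setting) differs for two distinct valid salts."""
    if parse_bcrypt_setting(setting_a)[2] == parse_bcrypt_setting(setting_b)[2]:
        raise ValueError("both settings carry the same salt")
    return crypt_fn(password, setting_a) != crypt_fn(password, setting_b)


if __name__ == "__main__":
    # The two bcrypt_gensalt outputs and the diagram string quoted in the thread.
    for s in ("$2a$04$7.zkQ.HPURlplcFTWgDL3u", "$2a$04$l2SuIEWPqF4D3uMTABgBYO",
              "$2a$12$saltysalt$ignored"):
        try:
            print(s, "->", parse_bcrypt_setting(s)[2].hex())
        except ValueError as exc:
            print(s, "-> rejected:", exc)
```

Pass the platform's crypt wrapper as `crypt_fn`; a `False` result from `salt_is_honoured` is the symptom reported in this issue.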