#11912: check_password() and "crypt()" passwords
----------------------------+-----------------------------------------------
 Reporter:  nahuel          |       Owner:  nobody
   Status:  new             |   Milestone:
Component:  Authentication  |     Version:  1.1
 Keywords:                  |       Stage:  Unreviewed
Has_patch:  0               |
----------------------------+-----------------------------------------------
 {{{
 In [16]: (hash, salt, pwc) = 'crypt$MW$CXuav1H6.Tw'.split('$')
 In [17]: crypt.crypt('bitchou',salt)
 Out[17]: 'MWCXuav1H6.Tw'
 In [18]: pwc
 Out[18]: 'CXuav1H6.Tw'
 }}}

 As you see, crypt.crypt returns the salt+pwc, and not only the "pwd", so in
 Django the checked password always returns false:
 http://code.djangoproject.com/browser/django/trunk/django/contrib/auth/models.py#L39

 To fix this, just change line 45 to:
 {{{
 return salt + hsh == get_hexdigest(algo, salt, raw_password)
 }}}

 Or perhaps I'm wrong, but I don't think so.

-- 
Ticket URL: <http://code.djangoproject.com/ticket/11912>
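
Added example, not part of the ticket and not Django's code: a self-contained reproduction of the mismatch the report describes, next to the proposed comparison done in constant time. `standin_crypt`, `make_stored` and both `check_password_*` names are hypothetical; `standin_crypt` is a constructed stand-in that only mimics the salt-prefixed output shape of `crypt.crypt()`, and the second stored layout (full output kept in the hash field) is an assumption.

```python
import base64
import hashlib
import hmac


def standin_crypt(raw_password, salt):
    """Constructed stand-in for crypt.crypt(); NOT the real DES crypt.

    It reproduces only the output shape shown in the ticket: the
    2-character salt followed by an 11-character digest.
    """
    digest = hashlib.sha256((salt + raw_password).encode()).digest()
    return salt + base64.b64encode(digest, altchars=b"./").decode()[:11]


def make_stored(raw_password, salt):
    """Build 'crypt$salt$hash' with the salt stripped from the hash field,
    the layout of the value in the ticket."""
    return "crypt$%s$%s" % (salt, standin_crypt(raw_password, salt)[len(salt):])


def check_password_reported(raw_password, enc_password):
    """Comparison as reported: hash field against the full crypt output."""
    algo, salt, hsh = enc_password.split("$")
    return hsh == standin_crypt(raw_password, salt)


def check_password_fixed(raw_password, enc_password):
    """The ticket's proposed comparison, made constant-time.

    Also accepts a hash field that already holds the full salt-prefixed
    output (assumed second layout), so both stored forms verify.
    """
    algo, salt, hsh = enc_password.split("$")
    if algo != "crypt":
        raise ValueError("this sketch only handles the crypt algorithm")
    expected = standin_crypt(raw_password, salt).encode()
    candidates = [(salt + hsh).encode(), hsh.encode()]
    return any(hmac.compare_digest(c, expected) for c in candidates)
```

With a salt-stripped stored value the reported comparison rejects the correct password, while the fixed one accepts it and still rejects a wrong one.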