On Thu, 06 Feb 2025 at 11:20, Alvaro Herrera <alvhe...@alvh.no-ip.org> wrote:
> On 2025-Jan-28, Bernd Helmle wrote:
>
>> Python's passlib is very strict when it comes to supported characters
>> within a salt string. It rejects everything that's not matching '[./0-9A-Za-z]'.
>> So when you provide the example above you get
>
> The reason it uses these chars is that in their scheme the salt bytes
> are base64-encoded.
>
> The passlib docs has this page about the "modular crypt format":
> https://passlib.readthedocs.io/en/stable/modular_crypt_format.html
>
> and they point this other page as a "modern, non-ambiguous standard":
> https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md
> About the salt, this last document says:
>
> The role of salts is to achieve uniqueness. A random salt is fine for
> that as long as its length is sufficient; a 16-byte salt would work
> well (by definition, UUID are very good salts, and they encode over
> exactly 16 bytes). 16 bytes encode as 22 characters in B64. Functions
> should disallow salt values that are too small for security (4 bytes
> should be viewed as an absolute minimum).
>
> This "Password Hashing Competition" organization hardly seems an
> authority though. It'd be great to have an IETF standard about this ...
Yeah. Since there is no standard, how do we handle this? I prefer to use the strict mode like passlib.

--
Regards,
Japin Li
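As an added illustration of the "strict mode" discussed in this thread (example code written for this archive, not code from passlib or from PostgreSQL), the following Python validator accepts only the character class `[./0-9A-Za-z]` that the quoted passlib behaviour enforces, and applies the PHC length guidance quoted above: it computes how many raw bytes an unpadded 6-bits-per-character salt string encodes and rejects anything below 4 bytes. The function names `validate_salt`, `salt_byte_length` and `make_salt` are assumptions for this example, as is the choice to report problems as a returned reason string rather than an exception.

```python
import re
import secrets

# Character class the thread says passlib insists on for salt strings.
SALT_CHARS = re.compile(r"[./0-9A-Za-z]+")

# Alphabet used when generating salts; same set as SALT_CHARS, in order.
SALT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# PHC string-format guidance quoted in the thread: 4 bytes is an absolute minimum,
# 16 bytes (22 characters) is a sensible default.
MIN_SALT_BYTES = 4
DEFAULT_SALT_BYTES = 16


def salt_byte_length(salt: str) -> int:
    """Raw bytes encoded by an unpadded base64-style salt (6 bits per character).

    Partial trailing bits are discarded, as in unpadded B64 decoding, so
    22 characters -> 16 bytes and 5 characters -> 3 bytes.
    """
    return (len(salt) * 6) // 8


def validate_salt(salt: str, min_bytes: int = MIN_SALT_BYTES):
    """Return None if the salt is acceptable, otherwise a short reason string.

    Checks, in order: non-empty, strict character class, minimum decoded length.
    """
    if not salt:
        return "salt is empty"
    if not SALT_CHARS.fullmatch(salt):
        bad = sorted(set(ch for ch in salt if not SALT_CHARS.fullmatch(ch)))
        return "salt contains characters outside [./0-9A-Za-z]: %r" % "".join(bad)
    nbytes = salt_byte_length(salt)
    if nbytes < min_bytes:
        return "salt encodes only %d bytes; at least %d required" % (nbytes, min_bytes)
    return None


def make_salt(nbytes: int = DEFAULT_SALT_BYTES) -> str:
    """Generate a random salt from the strict alphabet, long enough to carry nbytes.

    Uses the secrets module (CSPRNG). The character count is the ceiling of
    nbytes * 8 / 6, so 16 bytes gives the 22 characters the PHC text mentions.
    """
    nchars = -(-nbytes * 8 // 6)  # ceiling division
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(nchars))


if __name__ == "__main__":
    # Constructed sample inputs: one that passes, and the failure modes the thread describes.
    for sample in ("abcdefghijklmnopqrstuv", "ab$cd", "abc", make_salt()):
        print(repr(sample), "->", validate_salt(sample) or "ok")
```

Validation order matters here: the character check runs before the length check, so a salt with a forbidden byte is reported as such even when it is long enough, which mirrors the rejection the original poster hit with passlib.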