New submission from Hazem Amara <amara...@gmail.com>:
I am having an issue with crypt library (Lib/crypt.py) when hashing passwords containing \n character. I am using python 3.8.2 on Linux. To compare hashed passwords produced by crypt, I used openssl and mkpasswd utilities. When generating hashes for password without \n, crypt, openssl and mkpasswd return the same result: openssl passwd -6 -salt "saltySalt" "password" $6$saltySalt$0zG/rneQmcu2mKFi/xXKF5WVH4ald6AlPTwnSRggVpyu7iRbq9buUmS5gD884iB1seAPw3UehNZ/b.jxL0g4Y/ mkpasswd -S "saltySalt" -m sha-512 "password" $6$saltySalt$0zG/rneQmcu2mKFi/xXKF5WVH4ald6AlPTwnSRggVpyu7iRbq9buUmS5gD884iB1seAPw3UehNZ/b.jxL0g4Y/ python3 -c 'import crypt; print(crypt.crypt("password","$6$saltySalt"))' $6$saltySalt$0zG/rneQmcu2mKFi/xXKF5WVH4ald6AlPTwnSRggVpyu7iRbq9buUmS5gD884iB1seAPw3UehNZ/b.jxL0g4Y/ But when generating hashes for passwords containing \n character, crypt returns a result different from the result returned by openssl and mkpasswd: openssl passwd -6 -salt "saltySalt" "password\n" $6$saltySalt$v.6rXp74bIjKX42ufuY7/KWnngOAgFReenROiPODOQYzlRuE2NT4/Bgs8s4ULd3BgKNZQQ7i9GqlibMhRw2SV1 mkpasswd -S "saltySalt" -m sha-512 "password\n" $6$saltySalt$v.6rXp74bIjKX42ufuY7/KWnngOAgFReenROiPODOQYzlRuE2NT4/Bgs8s4ULd3BgKNZQQ7i9GqlibMhRw2SV1 python3 -c 'import crypt; print(crypt.crypt("password\n","$6$saltySalt"))' $6$saltySalt$hsmSR02RXIRP5U14cDo3wtwLCOD1Lb/9huWQEuJYRyatQjRjXmzYJI9rpfqys8ucIc.GbymuE3a5DVcLzSxn5/ I did not find a special mention for newline character in the documentation. Thanks for your help. ---------- components: Library (Lib) messages: 377694 nosy: amarahzm priority: normal severity: normal status: open title: crypt produces wrong hashes for passwords containing newline character versions: Python 3.8 _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue41890> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com