[issue41890] crypt produces wrong hashes for passwords containing newline character

Wed, 30 Sep 2020 01:42:39 -0700 


New submission from Hazem Amara <amara...@gmail.com>:

I am having an issue with crypt library (Lib/crypt.py) when hashing passwords 
containing \n character. I am using python 3.8.2 on Linux.  To compare hashed 
passwords produced by crypt, I used openssl and mkpasswd utilities. 

When generating hashes for password without \n, crypt, openssl and mkpasswd 
return the same result:

openssl passwd -6 -salt "saltySalt" "password"
$6$saltySalt$0zG/rneQmcu2mKFi/xXKF5WVH4ald6AlPTwnSRggVpyu7iRbq9buUmS5gD884iB1seAPw3UehNZ/b.jxL0g4Y/

mkpasswd -S "saltySalt" -m sha-512 "password"
$6$saltySalt$0zG/rneQmcu2mKFi/xXKF5WVH4ald6AlPTwnSRggVpyu7iRbq9buUmS5gD884iB1seAPw3UehNZ/b.jxL0g4Y/

python3 -c 'import crypt; print(crypt.crypt("password","$6$saltySalt"))'
$6$saltySalt$0zG/rneQmcu2mKFi/xXKF5WVH4ald6AlPTwnSRggVpyu7iRbq9buUmS5gD884iB1seAPw3UehNZ/b.jxL0g4Y/


But when generating hashes for passwords containing \n character, crypt returns 
a result different from the result returned by openssl and mkpasswd: 

openssl passwd -6 -salt "saltySalt" "password\n"
$6$saltySalt$v.6rXp74bIjKX42ufuY7/KWnngOAgFReenROiPODOQYzlRuE2NT4/Bgs8s4ULd3BgKNZQQ7i9GqlibMhRw2SV1
 
mkpasswd -S "saltySalt" -m sha-512 "password\n"
$6$saltySalt$v.6rXp74bIjKX42ufuY7/KWnngOAgFReenROiPODOQYzlRuE2NT4/Bgs8s4ULd3BgKNZQQ7i9GqlibMhRw2SV1
 
python3 -c 'import crypt; print(crypt.crypt("password\n","$6$saltySalt"))'
$6$saltySalt$hsmSR02RXIRP5U14cDo3wtwLCOD1Lb/9huWQEuJYRyatQjRjXmzYJI9rpfqys8ucIc.GbymuE3a5DVcLzSxn5/


I did not find a special mention for newline character in the documentation. 
Thanks for your help.

----------
components: Library (Lib)
messages: 377694
nosy: amarahzm
priority: normal
severity: normal
status: open
title: crypt produces wrong hashes for passwords containing newline character
versions: Python 3.8

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue41890>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to