Roundup Robot devn...@psf.upfronthosting.co.za added the comment:
New changeset 74a1110a3b50 by Christian Heimes in branch 'default':
Issue 10924: Fixed mksalt() to use a RNG that is suitable for cryptographic
purpose
http://hg.python.org/cpython/rev/74a1110a3b50
--
nosy: +python-dev
Changes by Christian Heimes li...@cheimes.de:
--
resolution: - fixed
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10924
___
Christian Heimes li...@cheimes.de added the comment:
I just found mksalt in the whatsnew section and got curious how you've
implemented the function. IMHO it has one major security flaw.
The function uses random.choice(). The choice() function generates random
values with a Mersenne Twister.
SilentGhost ghost@gmail.com added the comment:
Above-mentioned fix was commited in rev 62994662676a
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10924
___
SilentGhost ghost@gmail.com added the comment:
Above-mentioned fix was committed in 0586c699d467 and 62994662676a
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10924
___
Changes by SilentGhost ghost@gmail.com:
--
Removed message: http://bugs.python.org/msg130171
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10924
___
Changes by Dave Malcolm dmalc...@redhat.com:
--
nosy: +dmalcolm
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10924
___
___
Python-bugs-list
Sean Reifschneider j...@tummy.com added the comment:
Committed in r88500.
--
stage: commit review - committed/rejected
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10924
Ezio Melotti ezio.melo...@gmail.com added the comment:
Some buildbots are failing after the commit.
Also in the crypt.py module I still see things that according to msg126453
should be fixed already:
* more statements on the same line (e.g. if salt == None: salt = mksalt());
* the hardcoded
SilentGhost ghost@gmail.com added the comment:
Here is the patch fixing pep-8 compatibility and test. It is against the latest
commit.
--
nosy: +SilentGhost
status: closed - open
Added file: http://bugs.python.org/file20840/crypt.py.diff
___
Brett Cannon br...@python.org added the comment:
I will look at the patch.
--
assignee: jafo - brett.cannon
nosy: +brett.cannon
stage: committed/rejected - patch review
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10924
Brett Cannon br...@python.org added the comment:
The patch didn't even import as-is or past the tests, but I tweaked it so it
did (and made method() just an attribute on the module).
--
resolution: accepted - fixed
stage: patch review - committed/rejected
status: open - closed
Sean Reifschneider j...@tummy.com added the comment:
Thanks. I had just read that a day or so ago, reviewing it for Brett's work.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10924
___
Sean Reifschneider j...@tummy.com added the comment:
At this point I'm going to consider this good to go, and will commit it after
the 3.2 final release. Thanks for the review everyone. Of course, I'm open to
further suggestions until then, just not expecting any...
--
assignee: -
Antoine Pitrou pit...@free.fr added the comment:
Actually, the pending stage is only for when things have been committed :)
See http://docs.python.org/devguide/triaging.html#triaging
--
resolution: later - accepted
stage: patch review - commit review
status: pending - open
Changes by Sean Reifschneider j...@tummy.com:
Removed file: http://bugs.python.org/file20428/python-underscore_crypt-3.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10924
___
Antoine Pitrou pit...@free.fr added the comment:
Can you use diff -u (or simply svn diff) when generating a patch?
6) I don't know, I thought everything in Python 3 was a new style
class?
It is indeed.
--
___
Python tracker rep...@bugs.python.org
Sean Reifschneider j...@tummy.com added the comment:
Sure thing, here's an svn diff. I had switched to the diff because I
couldn't get it to patch into a fresh trunk, but the format looked fine; not
sure why it couldn't find the files. Anyway, here's a new version.
--
Added file:
Antoine Pitrou pit...@free.fr added the comment:
Sure thing, here's an svn diff. I had switched to the diff because
I couldn't get it to patch into a fresh trunk, but the format looked
fine; not sure why it couldn't find the files. Anyway, here's a new
version.
You also have to svn add
Sean Reifschneider j...@tummy.com added the comment:
Not sure if that was meant to be a suggestion for why my local patching wasn't
working from the svn diff output, but obviously -5 was messed up. Here's a
new version that I can apply to my fresh trunk and passes make test.
If the
Antoine Pitrou pit...@free.fr added the comment:
Not sure if that was meant to be a suggestion for why my local
patching wasn't working from the svn diff output, but obviously -5
was messed up. Here's a new version that I can apply to my fresh
trunk and passes make test.
Thank you! The
Sean Reifschneider j...@tummy.com added the comment:
Thanks for the pointer about patch -p0. I *HAD* tried that, but it didn't
seem to work either. I'll double check that though... svn diff is what I'd
prefer, because then I can svn commit it when it's ready.
Any other review feedback?
Antoine Pitrou pit...@free.fr added the comment:
Thanks for the pointer about patch -p0. I *HAD* tried that, but it
didn't seem to work either. I'll double check that though... svn
diff is what I'd prefer, because then I can svn commit it when it's
ready.
Ok, it seems the code inside
Sean Reifschneider j...@tummy.com added the comment:
Affirmative on the svn mv for the C module.
The duplicated code, thanks for pointing that out. Someone else mentioned it,
but I didn't understand what they were saying and they didn't reply to my
request for clarification. Fixed.
On the
Changes by Sean Reifschneider j...@tummy.com:
Removed file: http://bugs.python.org/file20433/python-underscore_crypt-4.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10924
___
Changes by Sean Reifschneider j...@tummy.com:
Removed file: http://bugs.python.org/file20442/python-underscore_crypt-5.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10924
___
Changes by Sean Reifschneider j...@tummy.com:
Removed file: http://bugs.python.org/file20443/python-underscore_crypt-6.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10924
___
Changes by Raymond Hettinger rhettin...@users.sourceforge.net:
--
nosy: +rhettinger
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10924
___
___
Antoine Pitrou pit...@free.fr added the comment:
You forgot to add the new files to your patch.
--
nosy: +pitrou
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10924
___
Sean Reifschneider j...@tummy.com added the comment:
Oops, thanks. It's in there now, though for some reason I can't get this patch
to apply to trunk, but I'll have to look at that later this afternoon. I
wanted to get this new version up in the interim since it definitely does
include the
Changes by Sean Reifschneider j...@tummy.com:
Removed file: http://bugs.python.org/file20422/python-underscore_crypt.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10924
___
Sean Reifschneider j...@tummy.com added the comment:
I've made a new .patch file using diff -c rather than svn diff. This is
the same code, but applies without manual intervention.
--
Added file: http://bugs.python.org/file20428/python-underscore_crypt-3.patch
Changes by Sean Reifschneider j...@tummy.com:
Removed file: http://bugs.python.org/file20427/python-underscore_crypt-2.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10924
___
Nicolas Dumazet nicd...@gmail.com added the comment:
Hello,
1) Can you please avoid putting several statements in the same line?
2) wouldnt it be better to compute only once the contents of methods()? I'm not
sure that module-initialization time is okay for CPython, but at the very least
you
Sean Reifschneider j...@tummy.com added the comment:
Thanks for the review. Attached is a new version of the patch.
1) Done.
2) Good point, I didn't think of that. I've changed it into a class that
stores the methods list, and made the module methods point to that method on
an instance of
New submission from Sean Reifschneider j...@tummy.com:
Over the years I've written the same code over and over to create a random salt
string of 2 characters. Worse, the Modular Crypt Format is difficult to find
documentation on, so creating stronger hashed passwords is difficult to get
36 matches
Mail list logo
