[New-bugs-announce] [issue42437] crypt produces wrong hashes for passwords containing dollar sign
Микаела Стоичкова
report at bugs.python.org
Sun Nov 22 09:23:49 EST 2020
New submission from Микаела Стоичкова <m.stoichkovaaa at gmail.com>:
I am having an issue with crypt library (Lib/crypt.py) when hashing passwords containing dolalr sign ("$") . I am using python 3.8.5 on Linux. To compare hashed passwords produced by crypt, I used openssl utilities.
When generating hashes for password without "$", crypt and openssl return the same result.
But when generating hashes for passwords containing $ dollar sign, crypt returns a result different from the result returned by openssl:
openssl passwd -6 "cash$money"
$6$C0UG33RcHmBVAjQ/$j1Tm2WSaZzDIzVQTgk71z6nY7fiJnaLe6Lxy8DzGystQ1Jive7IuqIUJq5s2F9wdXRpm8jNs7iksV8oHPVKYC0
python3 -c 'import crypt; print(crypt.crypt("cash$money","$6$C0UG33RcHmBVAjQ/"))'
$6$C0UG33RcHmBVAjQ/$Tm9aYQq7BsTT/awN6wiUZ6ysamqX9qUVKBV.TjML5udxWqupAB7luv/.KYypZnpQ9eI33R4Lw3O4Jx4NZjTEV/
I did not find a special mention for dollar sign in the documentation. Thanks for your help.
----------
components: Library (Lib)
messages: 381615
nosy: m.stoichkovaaa
priority: normal
severity: normal
status: open
title: crypt produces wrong hashes for passwords containing dollar sign
type: behavior
versions: Python 3.8
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue42437>
_______________________________________
More information about the New-bugs-announce
mailing list