[doc] add comment explaining choices in _hash_user_password

Laurent Peuch 2017-08-15 20:53:50 +02:00
parent 970d9b0207
commit 1cd121e801


@ -445,6 +445,16 @@ def _convertSize(num, suffix=''):
def _hash_user_password(password): def _hash_user_password(password):
char_set = string.ascii_uppercase + string.ascii_lowercase + string.digits + "./" char_set = string.ascii_uppercase + string.ascii_lowercase + string.digits + "./"
# This 16 number is chosen according to this documentation stating that
# this is the maximum number of salt possible
# https://www.safaribooksonline.com/library/view/practical-unix-and/0596003234/ch04s03.html
#
# SystemRandom is the cryptographically secure random method provided by python stl
# You can refer to this https://docs.python.org/2/library/random.html for
# confirmation (read the red square), it internally uses /dev/urandom
salt = ''.join([random.SystemRandom().choice(char_set) for x in range(16)]) salt = ''.join([random.SystemRandom().choice(char_set) for x in range(16)])
# Using "$6$" means that we uses sha-512 which is the strongest hash available on the system
# You can refer to this for more explainations https://www.redpill-linpro.com/techblog/2016/08/16/ldap-password-hash.html
salt = '$6$' + salt + '$' salt = '$6$' + salt + '$'
return '{CRYPT}' + crypt.crypt(str(password), salt) return '{CRYPT}' + crypt.crypt(str(password), salt)