diff options
author | Eli Collins <elic@assurancetechnologies.com> | 2017-01-30 13:18:24 -0500 |
---|---|---|
committer | Eli Collins <elic@assurancetechnologies.com> | 2017-01-30 13:18:24 -0500 |
commit | 1fa1999d529392b0f7c7f8ea7ccf116abc9ae360 (patch) | |
tree | 534f86ddf967d5c2e24f6a5e865d3e8a3d374588 /docs/history | |
parent | 13d93d9beeedbff4dca296c819116a3a103a376e (diff) | |
download | passlib-1fa1999d529392b0f7c7f8ea7ccf116abc9ae360.tar.gz |
bugfix: passlib.hash.cisco_pix & cisco_asa: major overhaul of internal implementation,
fixed a number of edge cases where we were generating the wrong thing.
tests
-----
* expanded test vectors, and ran them against an ASA 9.6 system.
marked out all vectors that were verified on 9.6 system.
found that user appending, and various size thresholds, weren't being
performed correctly by cisco_pix & cisco_asa -- certain hashes generated prior
to this will be "unverifiable" by a Cisco system.
* consolidated shared pix & asa tests into common base class.
* added test for "spoil_digest" codepath that's been added to cisco_pix _calc_digest()
(see below).
hashers
-------
* cisco_pix & cisco_asa now reject too-large passwords, and silently
return False when verifying them; to match Cisco behavior.
updated truncate policy flags to match new behavior.
* overhaul of _calc_checksum(), to fix identified issues,
lay out guesses & reasoning, and added some citations.
docs
----
* updated docs to list new algorithm, and conditions where the old code
would generate a bad hash.
* general cleanup of doc layout for these hashes
* updated "Cisco Hashes" section to give better listing of known hash formats.
Diffstat (limited to 'docs/history')
-rw-r--r-- | docs/history/1.7.rst | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/docs/history/1.7.rst b/docs/history/1.7.rst index 70d31db..f3dec53 100644 --- a/docs/history/1.7.rst +++ b/docs/history/1.7.rst @@ -5,14 +5,20 @@ Passlib 1.7 **1.7.1** (NOT YET RELEASED) ============================ -.. py:currentmodule:: passlib.ifc - This release rolls up assorted bug & compatibility fixes since 1.7.0. Bugfixes -------- +* .. py:currentmodule:: passlib.hash + + :class:`cisco_asa` and :class:`cisco_pix`: Fixed a number of issues + which under :ref:`certain conditions <passlib-asa96-bug>` + caused prior releases to generate hashes that were unverifiable + on Cisco systems. + +* .. py:currentmodule:: passlib.ifc -* :meth:`PasswordHash.hash` will now warn if passed any settings + :meth:`PasswordHash.hash` will now warn if passed any settings keywords. This usage was deprecated in 1.7.0, but warning wasn't properly enabled. See :ref:`hash-configuring` for the preferred way to pass settings. |