From 6c96dd0a469aafa2592641ae3b3d820aaabd7d35 Mon Sep 17 00:00:00 2001 From: Eli Collins Date: Tue, 12 May 2020 12:27:50 -0400 Subject: docs: minor adjusted to doc language --- docs/history/1.7.rst | 25 +++++++++++++------------ passlib/exc.py | 9 ++++++--- 2 files changed, 19 insertions(+), 15 deletions(-) diff --git a/docs/history/1.7.rst b/docs/history/1.7.rst index 6497550..74d18b9 100644 --- a/docs/history/1.7.rst +++ b/docs/history/1.7.rst @@ -32,13 +32,7 @@ Bugfixes * .. py:currentmodule:: passlib.hash - :class:`bcrypt_sha256`: Internal algorithm has been changed to use HMAC-SHA256 instead of - plain SHA256. This should strengthen the hash against brute-force attempts which bypass - the intermediary hash by using known-sha256-digest lookup tables (:issue:`114`). - -* .. py:currentmodule:: passlib.hash - - :class:`bcrypt`: OS native backend wasn't being detected under Python 3 on BSD platforms. + :class:`bcrypt`: Under python 3, OS native backend wasn't being detected on BSD platforms. This was due to a few internal issues in feature-detection code, which have been fixed. * :func:`passlib.utils.safe_crypt`: Support :func:`crypt.crypt` unexpectedly 
@@ -50,17 +44,24 @@ Bugfixes * :mod:`passlib.ext.django`: fixed lru_cache import (django 3 compatibility) * :mod:`!passlib.tests`: fixed bug where :meth:`HandlerCase.test_82_crypt_support` wasn't - being run on systems lacking support for hasher being tested. Now runs regardless of support. + being run on systems lacking support for the hasher being tested. + This test now runs regardless of system support. Other Changes ------------- * .. py:currentmodule:: passlib.hash - :class:`bcrypt`: OS native backend now raises the new :exc:`~passlib.exc.PasswordValueError` - if password is provided as non-UTF8 bytes under python 3. - These can't be passed through, due to limitation in stdlib's :func:`!crypt.crypt`. - (Prior to this release, it would it incorrectly raise :exc:`~passlib.exc.MissingBackendError` instead). + :class:`bcrypt_sha256`: Internal algorithm has been changed to use HMAC-SHA256 instead of + plain SHA256. This should strengthen the hash against brute-force attempts which bypass + the intermediary hash by using known-sha256-digest lookup tables (:issue:`114`). + +* .. py:currentmodule:: passlib.hash + + :class:`bcrypt`: OS native backend ("os_crypt") now raises the new :exc:`~passlib.exc.PasswordValueError` + if password is provided as non-UTF8 bytes under python 3 + (These can't be passed through, due to limitation in stdlib's :func:`!crypt.crypt`). + Prior to this release, it confusingly raised :exc:`~passlib.exc.MissingBackendError` instead. Also improved legacy bcrypt format workarounds, to support a few more UTF8 edge cases than before. diff --git a/passlib/exc.py b/passlib/exc.py index 42d3928..280043d 100644 --- a/passlib/exc.py +++ b/passlib/exc.py 
@@ -31,9 +31,10 @@ class MissingBackendError(RuntimeError): class PasswordValueError(ValueError): """ Error raised if a password can't be hashed / verified for various reasons. + This exception derives from the builtin :exc:`!ValueError`. May be thrown directly when password violates internal invariants of hasher - (e.g. some don't support NULL characters); may also throw more specified subclasses, + (e.g. some don't support NULL characters). Hashers may also throw more specific subclasses, such as :exc:`!PasswordSizeError`. .. versionadded:: 1.7.3 @@ -47,12 +48,14 @@ class PasswordSizeError(PasswordValueError): by Passlib (by default, 4096 characters); or if password exceeds a hash-specific size limitation. + This exception derives from :exc:`PasswordValueError` (above). + Many password hash algorithms take proportionately larger amounts of time and/or memory depending on the size of the password provided. This could present a potential denial of service (DOS) situation if a maliciously large password is provided to an application. Because of this, Passlib enforces a maximum size limit, but one which should be *much* larger - than any legitimate password. :exc:`!PasswordSizeError` derives + than any legitimate password. :exc:`PasswordSizeError` derives from :exc:`!ValueError`. .. note:: @@ -81,7 +84,7 @@ class PasswordSizeError(PasswordValueError): class PasswordTruncateError(PasswordSizeError): """ Error raised if password would be truncated by hash. - This derives from :exc:`PasswordSizeError` and :exc:`ValueError`. + This derives from :exc:`PasswordSizeError` (above). Hashers such as :class:`~passlib.hash.bcrypt` can be configured to raises this error by setting ``truncate_error=True``. -- cgit v1.2.1
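Review bot: The `PasswordSizeError` docstring (second hunk of passlib/exc.py) now states its ancestry twice: the denial-of-service paragraph still ends with "PasswordSizeError derives from ValueError", a few lines below the newly added "This exception derives from PasswordValueError (above)". I would delete the old trailing sentence and fold both facts into the new line, e.g. ``This exception derives from :exc:`PasswordValueError`, and therefore also from the builtin :exc:`!ValueError`.``, so a caller who wraps password handling in `except ValueError` can see in one place that the size-limit error is still caught. The third hunk has the opposite gap, since `PasswordTruncateError` no longer mentions `ValueError` at all, and the same one-line wording would fit there. The "(above)" in both hunks depends on source order and may not hold in the rendered API docs, so the cross-reference alone is enough. The class bodies continue outside the hunks.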