added passlib.hash.bcrypt_sha256

* not too much trouble, and definitely needed.
  after considering options, decided to use sha256 + base64.
* added note re: bcrypt password truncation
* HasBackend mixin -- changed to use _calc_checksum_backend()
  as the attribute it patches, instead of _calc_checksum().
  makes it easier to consolidate code common to all backends (e.g. bcrypt)
* test_60_secret_size: changed hardcoded exception list to a class flag
* added registry test to make sure all hashes are being tested
  (with a few known exceptions)
* clarified names inside builtin bcrypt backend
* updated changelog

3 files changed, 88 insertions, 1 deletions

diff --git a/docs/lib/passlib.hash.bcrypt.rst b/docs/lib/passlib.hash.bcrypt.rst
index b94dfa8..eafe7ac 100644
--- a/docs/lib/passlib.hash.bcrypt.rst
+++ b/docs/lib/passlib.hash.bcrypt.rst
@@ -93,6 +93,21 @@ While BCrypt's basic algorithm is described in it's design document [#f1]_,
 the OpenBSD implementation [#f2]_ is considered the canonical reference, even
 though it differs from the design document in a few small ways.
 
+Security Issues
+===============
+
+.. _bcrypt-password-truncation:
+
+* Password Truncation.
+
+  While not a security issue per-se, bcrypt does have one major limitation:
+  password are truncated on the first NULL byte (if any),
+  and only the first 72 bytes of a password are hashed... all the rest are ignored.
+  Furthermore, bytes 55-72 are not fully mixed into the resulting hash (citation needed!).
+  To work around both these issues, many applications first run the password through a message
+  digest such as SHA2-256. Passlib offers the premade :doc:`passlib.hash.bcrypt_sha256`
+  to take care of this issue.
+
 Deviations
 ==========
 This implementation of bcrypt differs from others in a few ways:
diff --git a/docs/lib/passlib.hash.bcrypt_sha256.rst b/docs/lib/passlib.hash.bcrypt_sha256.rst
new file mode 100644
index 0000000..22420db
--- /dev/null
+++ b/docs/lib/passlib.hash.bcrypt_sha256.rst
@@ -0,0 +1,71 @@
+==================================================================
+:class:`passlib.hash.bcrypt_sha256` - BCrypt+SHA256
+==================================================================
+
+.. versionadded:: 1.6.2
+
+.. currentmodule:: passlib.hash
+
+BCrypt was developed to replace :class:`~passlib.hash.md5_crypt` for BSD systems.
+It uses a modified version of the Blowfish stream cipher.
+It does, however, truncate passwords to 72 bytes, and some other minor quirks
+(see :ref:`BCrypt Password Truncation <bcrypt-password-truncation>` for details).
+This class works around that issue by first running the password through SHA2-256.
+This class can be used directly as follows::
+
+    >>> from passlib.hash import bcrypt_sha256
+
+    >>> # generate new salt, encrypt password
+    >>> h = bcrypt_sha256.encrypt("password")
+    >>> h
+    '$bcrypt-sha256$2a,12$LrmaIX5x4TRtAwEfwJZa1.$2ehnw6LvuIUTM0iz4iz9hTxv21B6KFO'
+
+    >>> # the same, but with an explicit number of rounds
+    >>> bcrypt.encrypt("password", rounds=8)
+    '$bcrypt-sha256$2a,8$UE3dIZ.0I6XZtA/LdMrrle$Ag04/5zYu./12.OSqInXZnJ.WZoh1ua'
+
+    >>> # verify password
+    >>> bcrypt.verify("password", h)
+    True
+    >>> bcrypt.verify("wrong", h)
+    False
+
+.. note::
+
+    It is strongly recommended that you install
+    `bcrypt <https://pypi.python.org/pypi/bcrypt>`_
+    or `py-bcrypt <https://pypi.python.org/pypi/py-bcrypt>`_
+    when using this hash. See :doc:`passlib.hash.bcrypt` for more details.
+
+Interface
+=========
+.. autoclass:: bcrypt_sha256()
+
+Format
+======
+Bcrypt-SHA256 is compatible with the :ref:`modular-crypt-format`, and uses ``$bcrypt-sha256$`` as the identifying prefix
+for all it's strings.
+An example hash (of ``password``) is:
+
+  ``$bcrypt-sha256$2a,12$LrmaIX5x4TRtAwEfwJZa1.$2ehnw6LvuIUTM0iz4iz9hTxv21B6KFO``
+
+Bcrypt-SHA256 hashes have the format :samp:`$bcrypt-sha256${variant},{rounds}${salt}${checksum}`, where:
+
+* :samp:`{variant}` is the BCrypt variant in use (usually, as in this case, ``2a``).
+* :samp:`{rounds}` is a cost parameter, encoded as decimal integer,
+  which determines the number of iterations used via :samp:`{iterations}=2**{rounds}` (rounds is 12 in the example).
+* :samp:`{salt}` is a 22 character salt string, using the characters in the regexp range ``[./A-Za-z0-9]`` (``LrmaIX5x4TRtAwEfwJZa1.`` in the example).
+* :samp:`{checksum}` is a 31 character checksum, using the same characters as the salt (``2ehnw6LvuIUTM0iz4iz9hTxv21B6KFO`` in the example).
+
+Algorithm
+=========
+The algorithm this hash uses is as follows:
+
+* first the password is encoded to ``UTF-8`` if not already encoded.
+* then it's run through SHA2-256 to generate a 32 byte digest.
+* this is encoded using base64, resulting in a 44-byte result
+  (including the trailing padding ``=``). For the example ``"password"``,
+  the output from this stage would be ``"XohImNooBHFR0OVvjcYpJ3NgPQ1qq73WKhHvch0VQtg="``.
+* this base64 string is then passed on to the underlying bcrypt algorithm
+  as the new password to be hashed. See :doc:`passlib.hash.bcrypt` for details
+  on it's operation.
diff --git a/docs/lib/passlib.hash.rst b/docs/lib/passlib.hash.rst
index 906f301..8817f74 100644
--- a/docs/lib/passlib.hash.rst
+++ b/docs/lib/passlib.hash.rst
@@ -10,7 +10,7 @@ Overview
 The :mod:`!passlib.hash` module contains all the password hash algorithms built into Passlib.
 While each hash has it's own options and output format, they all share a common interface,
 documented in detail in the :ref:`password-hash-api`. The following pages
-describe the common interface, and then describe each hash in detail 
+describe the common interface, and then describe each hash in detail
 (including it's format, underlying algorithm, and known security issues).
 
 .. seealso:: :doc:`Quickstart Guide </new_app_quickstart>` -- advice on
@@ -123,6 +123,7 @@ they can be used compatibly along side other modular crypt format hashes.
     :maxdepth: 1
 
     passlib.hash.apr_md5_crypt
+    passlib.hash.bcrypt_sha256
     passlib.hash.phpass
     passlib.hash.pbkdf2_digest
     passlib.hash.cta_pbkdf2_sha1