added nthash support; document updates

6 files changed, 55 insertions, 16 deletions

diff --git a/docs/conf.py b/docs/conf.py
index 206a63a..e6b92cb 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -16,6 +16,8 @@
 
 import os, sys
 
+options = os.environ.get("PASSLIB_DOCS", "")
+
 #make sure passlib in sys.path
 doc_root = os.path.abspath(os.path.join(__file__,os.path.pardir))
 source_root = os.path.abspath(os.path.join(doc_root,os.path.pardir))
@@ -109,8 +111,8 @@ pygments_style = 'sphinx'
 modindex_common_prefix = [ "passlib." ]
 
 # -- Options for all output ---------------------------------------------------
-todo_include_todos = "todos" in os.environ.get("PASSLIB_DOCS","")
-keep_warnings = True
+todo_include_todos = "hide-todos" not in options
+keep_warnings = "hide-warnings" not in options
 
 # -- Options for HTML output ---------------------------------------------------
 
diff --git a/docs/lib/passlib.hash.md5_crypt.rst b/docs/lib/passlib.hash.md5_crypt.rst
index 76c0b96..4fb9db9 100644
--- a/docs/lib/passlib.hash.md5_crypt.rst
+++ b/docs/lib/passlib.hash.md5_crypt.rst
@@ -3,7 +3,7 @@
 ==================================================================
 
 .. module:: passlib.hash.md5_crypt
-    :synopsis: MD5-Crypt
+    :synopsis: MD5 Crypt
 
 This algorithm was developed to replace the aging des-crypt crypt.
 It is supported by a wide variety of unix flavors, and is found
diff --git a/docs/lib/passlib.hash.nthash.rst b/docs/lib/passlib.hash.nthash.rst
index a8885b5..bc6a6b1 100644
--- a/docs/lib/passlib.hash.nthash.rst
+++ b/docs/lib/passlib.hash.nthash.rst
@@ -9,14 +9,32 @@
 
     This scheme is notoriously weak (since it's based on :mod:`~passlib.utils.md4`).
     Online tables exist for quickly performing pre-image attacks on this scheme.
-    **Do not use** in new code.
+    **Do not use** in new code. Stop using in old code if possible.
 
-This handler implements the Windows NT-HASH algorithm,
-encoded in a format compatible with the :ref:`modular-crypt-format`.
+This module implements the Windows NT-HASH algorithm,
+encoded in a manner compatible with the :ref:`modular-crypt-format`.
 It is found on some unix systems where the administrator has decided
 to store user passwords in a manner compatible with the SMB/CIFS protocol.
 
-It supports two identifiers, ``$3$`` and ``$NT$``, though it defaults to ``$3$``.
+It supports two identifiers, ``$3$`` and ``$NT$``, though this
+implementation defaults to ``$3$``.
+
+It has no salt, or variable rounds.
+
+Usage
+=====
+
+.. todo::
+
+    document usage
+
+Functions
+=========
+.. autofunction:: genconfig
+.. autofunction:: genhash
+.. autofunction:: encrypt
+.. autofunction:: identify
+.. autofunction:: verify
 
 In addition to the normal password hash api, this module also exposes
 the following method:
@@ -25,3 +43,12 @@ the following method:
 
     perform raw nthash calculation, returning either
     raw digest, or as lower-case hexidecimal characters.
+
+Format & Algorithm
+==================
+A nthash encoded for crypt consists of ``$3$$<checksum>`` or
+``$NT$<checksum>``; where ``checksum`` is 32 hexidecimal digits
+encoding the checksum. An example hash (of ``password``) is ``$3$$8846f7eaee8fb117ad06bdd830b7586c``.
+
+The checksum is simply the :mod:`~passlib.utils.md4` digest
+of the secret using the ``UTF16-LE`` encoding.
diff --git a/docs/lib/passlib.hash.phpass.rst b/docs/lib/passlib.hash.phpass.rst
index 3808501..8004f39 100644
--- a/docs/lib/passlib.hash.phpass.rst
+++ b/docs/lib/passlib.hash.phpass.rst
@@ -29,8 +29,8 @@ Functions
 .. autofunction:: identify
 .. autofunction:: verify
 
-Format
-======
+Format & Algorithm
+==================
 An phpass portable hash string has length 34, with the format ``$P$<rounds><salt><checksum>``;
 where ``<rounds>`` is a single character encoding a 6-bit integer,
 ``<salt>`` is an eight-character salt, and ``<checksum>`` is an encoding
@@ -40,12 +40,10 @@ An example hash (of ``password``) is ``$P$8ohUJ.1sdFw09/bMaAQPTGDNi2BIUt1``;
 the rounds are encoded in ``8``, the salt is ``ohUJ.1sd``,
 and the checksum is ``Fw09/bMaAQPTGDNi2BIUt1``.
 
-Algorithm
-=========
-PHPass uses a straightforward algorithm:
+PHPass uses a straightforward algorithm to calculate the checksum:
 
 * an initial result is generated from the MD5 digest of the salt string + the secret.
-* for 2**rounds repetitions, a new result is created from the MD5 digest of the last result + the secret.
+* for ``2**rounds`` repetitions, a new result is created from the MD5 digest of the last result + the secret.
 * the last result is then encoded according to the format described above.
 
 Deviations
@@ -58,4 +56,4 @@ This implementation of phpass differs from the specification:
 
 References
 ==========
-* `<http://www.openwall.com/phpass/>` - PHPass homepage, which describes the algorithm
+* `<http://www.openwall.com/phpass/>`_ - PHPass homepage, which describes the algorithm
diff --git a/docs/lib/passlib.utils.h64.rst b/docs/lib/passlib.utils.h64.rst
index 9709ea1..548720c 100644
--- a/docs/lib/passlib.utils.h64.rst
+++ b/docs/lib/passlib.utils.h64.rst
@@ -22,15 +22,27 @@ and decoding strings in that format.
     when in fact bcrypt uses the standard base64 encoding scheme,
     but with ``+`` replaced with ``.``.
 
-.. data:: CHARS
+Constants
+=========
+.. object:: CHARS = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
 
     The character set used by the Hash-64 format.
     A character's index in CHARS denotes it's corresponding 6-bit integer value.
 
+Bytes <-> Hash64
+================
+
+.. autofunction:: encode_bytes
 .. autofunction:: encode_3_offsets
 .. autofunction:: encode_2_offsets
 .. autofunction:: encode_1_offset
 
+Int <-> Hash64
+==============
+
+.. autofunction:: decode_int6
+.. autofunction:: encode_int6
+
 .. autofunction:: decode_int12
 .. autofunction:: encode_int12
 
diff --git a/docs/lib/passlib.utils.rst b/docs/lib/passlib.utils.rst
index 3c6a627..91788f4 100644
--- a/docs/lib/passlib.utils.rst
+++ b/docs/lib/passlib.utils.rst
@@ -46,7 +46,7 @@ Object Tests
 
 .. todo::
 
-    .. autofunction:: is_crypt_context
+    is_crypt_context
 
 Crypt Handler Helpers
 =====================