diff options
| author | Eli Collins <elic@assurancetechnologies.com> | 2011-05-03 12:07:27 -0400 |
|---|---|---|
| committer | Eli Collins <elic@assurancetechnologies.com> | 2011-05-03 12:07:27 -0400 |
| commit | d5a3929ff9916a1bc17e1b071b4bf8cac81bc2da (patch) | |
| tree | 14f3b1846738a68632e2b603484946ac05d53a83 /docs | |
| parent | 103e0d85f8d779c7fc6ea296697e6274b545aa41 (diff) | |
| download | passlib-d5a3929ff9916a1bc17e1b071b4bf8cac81bc2da.tar.gz | |
minor doc changes
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/lib/passlib.hash.postgres_md5.rst | 4 | ||||
| -rw-r--r-- | docs/modular_crypt_format.rst | 8 |
2 files changed, 8 insertions, 4 deletions
diff --git a/docs/lib/passlib.hash.postgres_md5.rst b/docs/lib/passlib.hash.postgres_md5.rst index 3c24f07..9d8d7ab 100644 --- a/docs/lib/passlib.hash.postgres_md5.rst +++ b/docs/lib/passlib.hash.postgres_md5.rst @@ -62,7 +62,7 @@ PostgreSQL account passwords, due to the following flaws: * Since the keyspace of ``user+password`` is still a subset of ascii characters, existing MD5 lookup tables have an increased chance of being able to reverse common hashes. -* It's simplicity makes high-speed brute force attacks much more feasible. +* It's simplicity makes high-speed brute force attacks much more feasible [#brute]_ . References ========== @@ -71,3 +71,5 @@ References .. [#] Message explaining postgres md5 hash algorithm - `<http://archives.postgresql.org/pgsql-php/2003-01/msg00021.php>`_ + +.. [#brute] Blog post demonstrating brute-force attack `<http://pentestmonkey.net/blog/cracking-postgres-hashes/>`_. diff --git a/docs/modular_crypt_format.rst b/docs/modular_crypt_format.rst index 21b2053..d485821 100644 --- a/docs/modular_crypt_format.rst +++ b/docs/modular_crypt_format.rst @@ -69,9 +69,9 @@ by the modular crypt format hashes found in passlib: identifying strings (eg ``$sha1$`` for :class:`sha1_crypt`); so in general identifier strings should not be assumed to use a single character. -3. Aside from the prefix, hashes should contain only ascii letters, - ascii numbers, and the characters in ``./``; though ``$`` - may be used as an internal field separator. +3. Aside from the prefix, hashes should contain only ascii letters a-z A-Z, + ascii numbers 0-9, and the characters ``./``; though additionally ``$`` + may/should be used as an internal field separator. This is the least adhered-to of any modular crypt format rule. Other characters (such as ``=``, ``,``) are sometimes @@ -111,6 +111,8 @@ by the modular crypt format hashes found in passlib: to clarify the issue of what the "modular crypt format" is. It is drawn from no authoritative sources. +.. index:: modular crypt format; known identifiers + .. _mcf-identifiers: Identifiers & Platform Support |