================================================================================= :class:`passlib.hash.bsdi_crypt` - BSDi (Extended DES) Crypt ================================================================================= .. currentmodule:: passlib.hash This algorithm was developed by BSDi for their BSD/OS distribution. It's based on :class:`~passlib.hash.des_crypt`, and contains a larger salt and a variable number of rounds. Nonetheless, since it's based on DES, and still shares many of des-crypt's other flaws, it should not be used in new applications. Usage ===== Aside from differences in format and salt size, ext-des-crypt usage is exactly the same as :class:`~passlib.hash.des_crypt`. .. todo:: this needs separate usage, showing rounds parameter. Functions ========= .. autoclass:: bsdi_crypt Format ====== An example hash (of ``password``) is ``_EQ0.jzhSVeUyoSqLupI``. An ext_des_crypt hash string consists of a 21 character string of the form ``_{rounds}{salt}{checksum}``. All characters except the underscore prefix are drawn from ``[./0-9A-Za-z]``. * ``_`` - the underscore is used to distinguish this scheme from others, such as des-crypt. * ``{rounds>`` is the number of rounds, stored as a 4 character :mod:`hash64 `-encoded 24-bit integer (``EQ0.`` in the example). * ``{salt}`` is the salt, stored as as a 4 character hash64-encoded 24-bit integer (``jzhS`` in the example). * ``{checksum}`` is the checksum, stored as an 11 character hash64-encoded 64-bit integer (``VeUyoSqLupI`` in the example). A ext_des_crypt configuration string is also accepted by this module; and has the same format as the hash string, but with the checksum portion omitted. Algorithm ========= The checksum is formed by a modified version of the DES cipher in encrypt mode: * First, the lower 7 bits of the first 8 characters of the password are used to form a 56-bit DES key, in the same manner as des-crypt. * Unlike des-crypt, the remainder of the password is also used. For every additional 8 characters in the password, the key is encrypted using a single round of DES, with itself as the input block. It is then xor'ed against the lower 7 bits of the next 8 characters in the password. This is repeated until the password is used up. * The checksum is then generated by recursively performing a variable number rounds of DES encryption starting with a null input block. The 24 bits of salt are used to mutate the action performed by each block of the DES key schedule (see the source of :func:`~passlib.utils.des.mdes_encrypt_int_block` for details). * The rounds, salt, and checksum are then encoded according the format as described above. Deviations ========== This implementation of ext-des-crypt differs from others in one way: * Before generating a hash, PassLib encodes unicode passwords using UTF-8. The original ext-des-crypt was designed for 7-bit us-ascii, so this should not conflict with most existing hashes. As of this writing, the authors know of no specification defining the official behavior that should be used in this situtation. References ========== * ``_ - primary source used for description of ext-des-crypt format & algorithm * ``_ - another source describing algorithm