ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Code Releases Activity

Include '/' & '.' when password_hash generates a new salt

Browse source 
The password_hash filter will generate a salt value if none is supplied.
The character set used by Ansible

(upper & lowercase letters, digits)

did not match that used by libc crypt

(upper & lowercase letters, digits, full stop, forward slash).

This resulted in a slightly smaller key space, and hence hashes would be
slightly easier to attack (e.g. by dictionary, brute force).
This commit is contained in:
Alex Willmer 2017-03-30 16:37:50 +01:00 committed by Toshio Kuratomi
parent f5f7a8c681
commit f5aa9df1fd
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
lib/ansible/plugins/filter/core.py
View file

@ -256,7 +256,8 @@ def get_encrypted_password(password, hashtype='sha512', salt=None):
saltsize = 8 saltsize = 8
else: else:
saltsize = 16 saltsize = 16
salt = ''.join([r.choice(string.ascii_letters + string.digits) for _ in range(saltsize)]) saltcharset = string.ascii_letters + string.digits + '/.'
salt = ''.join([r.choice(saltcharset) for _ in range(saltsize)])
if not HAS_PASSLIB: if not HAS_PASSLIB:
if sys.platform.startswith('darwin'): if sys.platform.startswith('darwin'):