Ticket #6028: md5-crypt-as-algo-name.diff

File md5-crypt-as-algo-name.diff, 1.2 KB (added by Antti Kaihola, 11 years ago)

algorithm name must be explicitly set to "md5-crypt" for MD5 crypt passwords; salt must still start with $1

  • django/contrib/auth/models.py

     
    1919def get_hexdigest(algorithm, salt, raw_password):
    2020    """
    2121    Returns a string of the hexdigest of the given plaintext password and salt
    22     using the given algorithm ('md5', 'sha1' or 'crypt').
     22    using the given algorithm ('md5', 'sha1', 'crypt' or 'md5-crypt').
    2323    """
    2424    raw_password, salt = smart_str(raw_password), smart_str(salt)
    25     if algorithm == 'crypt':
     25    if algorithm in ('crypt', 'md5-crypt'):
    2626        try:
    2727            import crypt
    2828        except ImportError:
     
    5151    Returns a boolean of whether the raw_password was correct. Handles
    5252    encryption formats behind the scenes.
    5353    """
    54     algo, salt, hsh = enc_password.split('$')
     54    algo, salt_and_hash = enc_password.split('$', 1)
     55    if algo == 'md5-crypt':
     56        salt = hsh = salt_and_hash
     57    else:
     58        salt, hsh = salt_and_hash.rsplit('$', 1)
    5559    return hsh == get_hexdigest(algo, salt, raw_password)
    5660
    5761class SiteProfileNotAvailable(Exception):
Back to Top