Opened 11 years ago
Closed 6 years ago
#7670 closed defect (invalid)
notebook -- evidently only the first 6 characters are significant???
Reported by: | was | Owned by: | was |
---|---|---|---|
Priority: | major | Milestone: | sage-duplicate/invalid/wontfix |
Component: | notebook | Keywords: | |
Cc: | | Merged in: | |
Authors: | | Reviewers: | Karl-Dieter Crisman |
Report Upstream: | N/A | Work issues: | |
Branch: | | Commit: | |
Dependencies: | | Stopgaps: | |
Description
Hi,

There is a password issue with sage notebook account. Please read below:

Sameer

On Fri, Dec 11, 2009 at 1:22 PM, Sameer Regmi <> wrote:
> On Fri, Dec 11, 2009 at 1:16 PM, Ondrej Certik <> wrote:
>> On Fri, Dec 11, 2009 at 1:12 PM, Sameer <> wrote:
>>> Hi I have found a weird issue with FEMhub online lab account. Let's
>>> say my password is "nevada". Then whenever I enter any text (in
>>> password field) with nevada as the prefix it will login. That means if
>>> I enter nevada123 (or whatever as the suffix) it will
>>> login.
>>
>> Seems like a bug in the Sage notebook. Could you please try to verify
>> this against sagenb.org and if the problem is in there as well,
>> could you please report it to the sage notebook list?
>
> Exactly! It's the bug in Sage notebook. The issue is there in sagenb.org too.
> I even can login with "nevad" if the password is of nevada. I am
> reporting to sage notebook list
>
> Sameer
Change History (9)
comment:1 Changed 11 years ago by
comment:2 Changed 11 years ago by
But crypt supports whatever the OS's underlying crypt(3) supports. We could instead do, e.g.,
    >>> import crypt as c, random as r
    >>> salt = repr(r.random())[2:]
    >>> salt
    '77551456940940877'
    >>> c.crypt('abcdefgh', '$6$' + salt + '$')
    '$6$7755145694094087$uW0RGjvJG3I.BDFKIAieUTPZkD4IGI6b8RtLt1fZ9czR0TefjriLwRGPItgPyZogDFsy.YorN24v2GM4YrBwK0'
    >>> c.crypt('abcdefghi', '$6$' + salt + '$')
    '$6$7755145694094087$txEQuYAJlZ.042gqmPTeLSczXBv1sI6kSjzpbmU7o89rh.Tk7qUGHhLHtL1GIrVXmUdFrQBuIefktTTptuEq31'
If Linux and Mac OS X, at least, both support SHA-512, I suggest we use it by default. Should we generate each user's pseudo-random "salt" --- used to avoid clustering --- differently than above?
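A regression check for the symptom reported in this ticket (a suffixed or shortened password still logging in), as an added example that is not Sage notebook code. All function names are hypothetical, the 8-character limit in the truncating verifier is an assumption that models a scheme with a fixed number of significant characters, and PBKDF2-HMAC-SHA512 from the standard library stands in for the OS's SHA-512 crypt.

```python
import hashlib
import hmac
import secrets

# Assumption: models a password scheme that reads only the first 8 characters.
LEGACY_SIGNIFICANT = 8


def _kdf(password, salt):
    # Stand-in for SHA-512 crypt: a salted, iterated hash over the whole input.
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, 100_000)


def enroll_truncating(password):
    """Model of the failure: characters past the limit never reach the hash."""
    salt = secrets.token_bytes(16)
    return salt, _kdf(password[:LEGACY_SIGNIFICANT], salt)


def verify_truncating(password, record):
    salt, digest = record
    return hmac.compare_digest(_kdf(password[:LEGACY_SIGNIFICANT], salt), digest)


def enroll_full(password):
    # Per-user salt from the OS CSPRNG rather than random.random().
    salt = secrets.token_bytes(16)
    return salt, _kdf(password, salt)


def verify_full(password, record):
    salt, digest = record
    return hmac.compare_digest(_kdf(password, salt), digest)


def accepted_variants(enroll, verify, password):
    """Return the wrong passwords (suffixed or shortened) that still log in."""
    record = enroll(password)
    if not verify(password, record):
        raise ValueError("verifier rejects the enrolled password")
    candidates = [password + "123", password + "x", password[:-1]]
    return [c for c in candidates if verify(c, record)]


if __name__ == "__main__":
    # Constructed sample password, same length as the one in the comment above.
    print(accepted_variants(enroll_truncating, verify_truncating, "abcdefgh"))
    print(accepted_variants(enroll_full, verify_full, "abcdefgh"))
```

A login backend passes the check when `accepted_variants` returns an empty list for passwords both shorter and longer than any suspected length limit.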
comment:3 Changed 7 years ago by
- Milestone changed from sage-5.11 to sage-5.12
comment:4 Changed 7 years ago by
- Milestone changed from sage-6.1 to sage-6.2
comment:5 Changed 7 years ago by
- Milestone changed from sage-6.2 to sage-6.3
comment:6 Changed 6 years ago by
- Milestone changed from sage-6.3 to sage-6.4
comment:7 Changed 6 years ago by
- Milestone changed from sage-6.4 to sage-duplicate/invalid/wontfix
- Reviewers set to Karl-Dieter Crisman
- Status changed from new to needs_review
I cannot replicate this, and it is so old I am going to ask to close this.
comment:8 Changed 6 years ago by
- Status changed from needs_review to positive_review
comment:9 Changed 6 years ago by
- Resolution set to invalid
- Status changed from positive_review to closed
Could the problem be sagenb.notebook.user.User's use of crypt:?