[New-bugs-announce] [issue8596] crypt blowfish 'ignores' salt

[pvo]

New submission from pvo <user+python at localhost.localdomain.org>:

Blowfish crypt uses a 128 bit salt, not only the letters [./a-zA-Z0-9]. Despite the different salts, crypt ignores the salt and produces identical encrypted passwords.
The problem occurs on FreeBSD 7.2 with Python 2.5.5 (r255:77872) and Python 2.6.4 (r264:7570) (both from the ports)

python2.6 crypt_blf.py 
 salt: '$2a$05$)O\x0e9\xb7\xb0\xc9\xd6)v.\xd3\x03\xea!\xc1$'
$2a$05$t59ktwmm7.WpI...../5uuAazXv5nUvrWyN1EzMcL6/EQ0HrNyJwq
 salt: '$2a$05$\x1ak\x0c\xfbF\xf5\xdf\xb4\x99\xa6\x12\x81\x8d\xce\xea\x19$'
$2a$05$COgstwmm........../5uuu63L/Vi1a/9FQpklC2BKZ74ai8JM2ey
 salt: '$2a$05$\x80:\x14\xbb\xc3R\x95\xb9\xcb\xf0#\x04\xbf"\xf7\xe9$'
$2a$05$COgstwmm........../5uuu63L/Vi1a/9FQpklC2BKZ74ai8JM2ey
 salt: '$2a$05$i\x01 \x10\x13#\xe3\xdc\x80\x90[3\xd5@(\x96$'
$2a$05$COgstwmm........../5uuu63L/Vi1a/9FQpklC2BKZ74ai8JM2ey
 salt: '$2a$05$<\xa8CY\xa6\x018\xe7\x0b}\x92\xd3\xa1L1\xfb$'
$2a$05$COgstwmm........../5uuu63L/Vi1a/9FQpklC2BKZ74ai8JM2ey

----------
components: Library (Lib)
files: crypt_blf.py
messages: 104768
nosy: pvo
priority: normal
severity: normal
status: open
title: crypt blowfish 'ignores' salt
type: behavior
versions: Python 2.5, Python 2.6
Added file: http://bugs.python.org/file17181/crypt_blf.py

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue8596>
_______________________________________