782356d421
According to https://passlib.readthedocs.io/en/stable/lib/passlib.hash.sha512_crypt.html: > salt (str) – Optional salt string. If not specified, one will be autogenerated (this is recommended). > If specified, it must be 0-16 characters, drawn from the regexp range [./0-9A-Za-z]. Until now, we were using invalid characters (like `-`). We were also going over the requested length limit of 16 characters. This is most likely what was causing `ValueError` exceptions for some people, as reported in #209 (Github Issue). Ansible's source code (`lib/ansible/utils/encrypt.py`) shows that Ansible tries to use passlib if available and falls back to Python's `crypt` module if not. For Mac, `crypt.crypt` doesn't seem to work, so Ansible always requires passlib. Looks like crypt is forgiving when length or character requirements are not obeyed. It would auto-trim a salt string to make it work, which means that we could end up with the same hash if we call it with salts which aer only different after their 16th character. For these reasons (crypt autotriming and passlib downright complaining), we're now using shorter and more diverse salts. |
||
---|---|---|
.. | ||
matrix_servers |