- while there, fix WANTLIB and enable python 3 support; by me
Fix concurrency bug reported by Alan Fairless of spideroak.com:
Multiple threads may hash into the same memory area simultaneously.
This may manifest as occasional random authentication failures (as
user-a's password hash is compared to user-b's), but could potentially
be used to bypass password checking by an attacker (user-a attempts
login on user-b's account, while simultaneously flooding auth requests
against user-a's account to overwrite the hash).
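The failure mode described in the commit message above, shown as an added example (not py-bcrypt's or OpenBSD's code): a hash routine that writes into one shared buffer next to a variant that writes into caller-owned memory. The function names, the FNV-1a stand-in hash and the passwords are assumptions made up for this sketch, and the cross-thread interleaving is replayed sequentially so the result is deterministic.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HASH_LEN 17 /* 16 hex digits + NUL */

/* Stand-in for the password hash (64-bit FNV-1a). NOT bcrypt; constructed for this demo. */
static void toy_hash(const char *pw, char *out, size_t outlen) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (; *pw; pw++) { h ^= (unsigned char)*pw; h *= 0x100000001b3ULL; }
    snprintf(out, outlen, "%016llx", (unsigned long long)h);
}

/* Unsafe: every caller, in every thread, gets a pointer to the same static buffer. */
const char *hash_shared(const char *pw) {
    static char buf[HASH_LEN];
    toy_hash(pw, buf, sizeof buf);
    return buf;
}

/* Safe: the caller owns the output buffer, so concurrent calls cannot collide. */
void hash_reentrant(const char *pw, char *out, size_t outlen) {
    toy_hash(pw, out, outlen);
}

/* Returns 1 if user-a's result changed after a second call was made. */
int shared_result_is_overwritten(void) {
    char snapshot[HASH_LEN];
    const char *a = hash_shared("constructed-password-a");
    memcpy(snapshot, a, HASH_LEN);
    hash_shared("constructed-password-b"); /* stands in for a call from another thread */
    return strcmp(snapshot, a) != 0;
}

/* Returns 1 if user-a's result survives the second call and differs from user-b's. */
int reentrant_result_is_stable(void) {
    char a[HASH_LEN], b[HASH_LEN], snapshot[HASH_LEN];
    hash_reentrant("constructed-password-a", a, sizeof a);
    memcpy(snapshot, a, HASH_LEN);
    hash_reentrant("constructed-password-b", b, sizeof b);
    return strcmp(snapshot, a) == 0 && strcmp(a, b) != 0;
}

int main(void) {
    printf("shared buffer overwritten:  %d\n", shared_result_is_overwritten());
    printf("caller-owned buffer stable: %d\n", reentrant_result_is_stable());
    return 0;
}
```

In a threaded server the second call arrives from another request between hashing and comparison, which is why the symptom shows up only occasionally under load.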
py-bcrypt is a Python wrapper of OpenBSD's Blowfish password hashing code,
as described in "A Future-Adaptable Password Scheme" by Niels Provos and
David Mazières.
This system hashes passwords using a version of Bruce Schneier's
Blowfish block cipher with modifications designed to raise the cost of
off-line password cracking and frustrate fast hardware implementation.
The computation cost of the algorithm is parameterised, so it can be
increased as computers get faster. The intent is to make a compromise
of a password database less likely to result in an attacker gaining
knowledge of the plaintext passwords (e.g. using John the Ripper).