зеркало из https://github.com/github/ruby.git
string.c: [DOC] fix indent [ci skip]
* string.c (rb_str_crypt): fix indent not to make the whole list verbatim entirely. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@67310 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
Родитель
eee58ca611
Коммит
a265141c84
68
string.c
68
string.c
|
@ -9219,49 +9219,49 @@ rb_str_oct(VALUE str)
|
||||||
* backward compatibility with ruby scripts in earlier days. It is
|
* backward compatibility with ruby scripts in earlier days. It is
|
||||||
* bad to use in contemporary programs for several reasons:
|
* bad to use in contemporary programs for several reasons:
|
||||||
*
|
*
|
||||||
* * Behaviour of C's <code>crypt(3)</code> depends on the OS it is
|
* * Behaviour of C's <code>crypt(3)</code> depends on the OS it is
|
||||||
* run. The generated string lacks data portability.
|
* run. The generated string lacks data portability.
|
||||||
*
|
*
|
||||||
* * On some OSes such as Mac OS, <code>crypt(3)</code> never fails
|
* * On some OSes such as Mac OS, <code>crypt(3)</code> never fails
|
||||||
* (i.e. silently ends up in unexpected results).
|
* (i.e. silently ends up in unexpected results).
|
||||||
*
|
*
|
||||||
* * On some OSes such as Mac OS, <code>crypt(3)</code> is not
|
* * On some OSes such as Mac OS, <code>crypt(3)</code> is not
|
||||||
* thread safe.
|
* thread safe.
|
||||||
*
|
*
|
||||||
* * So-called "traditional" usage of <code>crypt(3)</code> is very
|
* * So-called "traditional" usage of <code>crypt(3)</code> is very
|
||||||
* very very weak. According to its manpage, Linux's traditional
|
* very very weak. According to its manpage, Linux's traditional
|
||||||
* <code>crypt(3)</code> output has only 2**56 variations; too
|
* <code>crypt(3)</code> output has only 2**56 variations; too
|
||||||
* easy to brute force today. And this is the default behaviour.
|
* easy to brute force today. And this is the default behaviour.
|
||||||
*
|
*
|
||||||
* * In order to make things robust some OSes implement so-called
|
* * In order to make things robust some OSes implement so-called
|
||||||
* "modular" usage. To go through, you have to do a complex
|
* "modular" usage. To go through, you have to do a complex
|
||||||
* build-up of the <code>salt_str</code> parameter, by hand.
|
* build-up of the <code>salt_str</code> parameter, by hand.
|
||||||
* Failure in generation of a proper salt string tends not to
|
* Failure in generation of a proper salt string tends not to
|
||||||
* yield any errors; typos in parameters are normally not
|
* yield any errors; typos in parameters are normally not
|
||||||
* detectable.
|
* detectable.
|
||||||
*
|
*
|
||||||
* * For instance, in the following example, the second invocation
|
* * For instance, in the following example, the second invocation
|
||||||
* of <code>String#crypt</code> is wrong; it has a typo in
|
* of <code>String#crypt</code> is wrong; it has a typo in
|
||||||
* "round=" (lacks "s"). However the call does not fail and
|
* "round=" (lacks "s"). However the call does not fail and
|
||||||
* something unexpected is generated.
|
* something unexpected is generated.
|
||||||
*
|
*
|
||||||
* "foo".crypt("$5$rounds=1000$salt$") # OK, proper usage
|
* "foo".crypt("$5$rounds=1000$salt$") # OK, proper usage
|
||||||
* "foo".crypt("$5$round=1000$salt$") # Typo not detected
|
* "foo".crypt("$5$round=1000$salt$") # Typo not detected
|
||||||
*
|
*
|
||||||
* * Even in the "modular" mode, some hash functions are considered
|
* * Even in the "modular" mode, some hash functions are considered
|
||||||
* archaic and no longer recommended at all; for instance module
|
* archaic and no longer recommended at all; for instance module
|
||||||
* <code>$1$</code> is officially abandoned by its author: see
|
* <code>$1$</code> is officially abandoned by its author: see
|
||||||
* http://phk.freebsd.dk/sagas/md5crypt_eol.html . For another
|
* http://phk.freebsd.dk/sagas/md5crypt_eol.html . For another
|
||||||
* instance module <code>$3$</code> is considered completely
|
* instance module <code>$3$</code> is considered completely
|
||||||
* broken: see the manpage of FreeBSD.
|
* broken: see the manpage of FreeBSD.
|
||||||
*
|
*
|
||||||
* * On some OS such as Mac OS, there is no modular mode. Yet, as
|
* * On some OS such as Mac OS, there is no modular mode. Yet, as
|
||||||
* written above, <code>crypt(3)</code> on Mac OS never fails.
|
* written above, <code>crypt(3)</code> on Mac OS never fails.
|
||||||
* This means even if you build up a proper salt string it
|
* This means even if you build up a proper salt string it
|
||||||
* generates a traditional DES hash anyways, and there is no way
|
* generates a traditional DES hash anyways, and there is no way
|
||||||
* for you to be aware of.
|
* for you to be aware of.
|
||||||
*
|
*
|
||||||
* "foo".crypt("$5$rounds=1000$salt$") # => "$5fNPQMxC5j6."
|
* "foo".crypt("$5$rounds=1000$salt$") # => "$5fNPQMxC5j6."
|
||||||
*
|
*
|
||||||
* If for some reason you cannot migrate to other secure contemporary
|
* If for some reason you cannot migrate to other secure contemporary
|
||||||
* password hashing algorithms, install the string-crypt gem and
|
* password hashing algorithms, install the string-crypt gem and
|
||||||
|
|
Загрузка…
Ссылка в новой задаче