Hashing Methods¶

Thecrypt module defines the list of hashing methods (not all methodsare available on all platforms):

crypt.METHOD_SHA512¶

A Modular Crypt Format method with 16 character salt and 86 characterhash based on the SHA-512 hash function. This is the strongest method.

crypt.METHOD_SHA256¶

Another Modular Crypt Format method with 16 character salt and 43character hash based on the SHA-256 hash function.

crypt.METHOD_BLOWFISH¶

Another Modular Crypt Format method with 22 character salt and 31character hash based on the Blowfish cipher.

New in version 3.7.

crypt.METHOD_MD5¶

Another Modular Crypt Format method with 8 character salt and 22character hash based on the MD5 hash function.

crypt.METHOD_CRYPT¶

The traditional method with a 2 character salt and 13 characters ofhash. This is the weakest method.

Module Attributes¶

crypt.methods¶

A list of available password hashing algorithms, ascrypt.METHOD_* objects. This list is sorted from strongest toweakest.

Module Functions¶

Thecrypt module defines the following functions:

crypt.crypt(word,salt=None)¶

word will usually be a user’s password as typed at a prompt or in a graphicalinterface. The optionalsalt is either a string as returned frommksalt(), one of thecrypt.METHOD_* values (though not allmay be available on all platforms), or a full encrypted passwordincluding salt, as returned by this function. Ifsalt is notprovided, the strongest method available inmethods will be used.

Checking a password is usually done by passing the plain-text passwordasword and the full results of a previouscrypt() call,which should be the same as the results of this call.

salt (either a random 2 or 16 character string, possibly prefixed with$digit$ to indicate the method) which will be used to perturb theencryption algorithm. The characters insalt must be in the set[./a-zA-Z0-9], with the exception of Modular Crypt Format whichprefixes a$digit$.

Returns the hashed password as a string, which will be composed ofcharacters from the same alphabet as the salt.

Since a fewcrypt(3) extensions allow different values, withdifferent sizes in thesalt, it is recommended to use the full cryptedpassword as salt when checking for a password.

Changed in version 3.3:Acceptcrypt.METHOD_* values in addition to strings forsalt.

crypt.mksalt(method=None,*,rounds=None)¶

Return a randomly generated salt of the specified method. If nomethod is given, the strongest method available inmethods isused.

The return value is a string suitable for passing as thesalt argumenttocrypt().

rounds specifies the number of rounds forMETHOD_SHA256,METHOD_SHA512 andMETHOD_BLOWFISH.ForMETHOD_SHA256 andMETHOD_SHA512 it must be an integer between1000 and999_999_999, the default is5000. ForMETHOD_BLOWFISH it must be a power of two between16 (2⁴)and2_147_483_648 (2³¹), the default is4096(2¹²).

New in version 3.3.

Changed in version 3.7:Added therounds parameter.

Examples¶

A simple example illustrating typical use (a constant-time comparisonoperation is needed to limit exposure to timing attacks.hmac.compare_digest() is suitable for this purpose):

importpwdimportcryptimportgetpassfromhmacimportcompare_digestascompare_hashdeflogin():username=input('Python login: ')cryptedpasswd=pwd.getpwnam(username)[1]ifcryptedpasswd:ifcryptedpasswd=='x'orcryptedpasswd=='*':raiseValueError('no support for shadow passwords')cleartext=getpass.getpass()returncompare_hash(crypt.crypt(cleartext,cryptedpasswd),cryptedpasswd)else:returnTrue

To generate a hash of a password using the strongest available method andcheck it against the original:

importcryptfromhmacimportcompare_digestascompare_hashhashed=crypt.crypt(plaintext)ifnotcompare_hash(hashed,crypt.crypt(plaintext,hashed)):raiseValueError("hashed version doesn't validate against original")