35.5. crypt — Function to check Unix passwords
Source code: Lib/crypt.py
This module implements an interface to the crypt(3) routine, which is a one-way hash function based upon a modified DES algorithm; see the Unix man page for further details. Possible uses include storing hashed passwords so you can check passwords without storing the actual password, or attempting to crack Unix passwords with a dictionary.
Notice that the behavior of this module depends on the actual implementation of the crypt(3) routine in the running system. Therefore, any extensions available on the current implementation will also be available on this module.
35.5.1. Hashing Methods
New in version 3.3.
The crypt module defines the list of hashing methods (not all methods are available on all platforms):
crypt.METHOD_SHA512
    A Modular Crypt Format method with 16 character salt and 86 character hash. This is the strongest method.
crypt.METHOD_SHA256
    Another Modular Crypt Format method with 16 character salt and 43 character hash.
crypt.METHOD_MD5
    Another Modular Crypt Format method with 8 character salt and 22 character hash.
crypt.METHOD_CRYPT
    The traditional method with a 2 character salt and 13 characters of hash. This is the weakest method.
35.5.2. Module Attributes
New in version 3.3.
crypt.methods
    A list of available password hashing algorithms, as crypt.METHOD_* objects. This list is sorted from strongest to weakest.
35.5.3. Module Functions
The crypt module defines the following functions:
crypt.crypt(word, salt=None)
    word will usually be a user's password as typed at a prompt or in a graphical interface. The optional salt is either a string as returned from mksalt(), one of the crypt.METHOD_* values (though not all may be available on all platforms), or a full encrypted password including salt, as returned by this function. If salt is not provided, the strongest method will be used (as returned by methods()).

    Checking a password is usually done by passing the plain-text password as word and the full results of a previous crypt() call, which should be the same as the results of this call.

    salt is either a random 2 or 16 character string, possibly prefixed with $digit$ to indicate the method, and is used to perturb the encryption algorithm. The characters in salt must be in the set [./a-zA-Z0-9], with the exception of Modular Crypt Format, which prefixes a $digit$.

    Returns the hashed password as a string, which will be composed of characters from the same alphabet as the salt.

    Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.

    Changed in version 3.3: Accept crypt.METHOD_* values in addition to strings for salt.
crypt.mksalt(method=None)
    Return a randomly generated salt of the specified method. If no method is given, the strongest method available as returned by methods() is used.

    The return value is a string either of 2 characters in length for crypt.METHOD_CRYPT, or 19 characters starting with $digit$ and 16 random characters from the set [./a-zA-Z0-9], suitable for passing as the salt argument to crypt().

    New in version 3.3.
35.5.4. Examples
A simple example illustrating typical use (a constant-time comparison operation is needed to limit exposure to timing attacks; hmac.compare_digest() is suitable for this purpose):
    import pwd
    import crypt
    import getpass
    from hmac import compare_digest as compare_hash

    def login():
        username = input('Python login: ')
        cryptedpasswd = pwd.getpwnam(username)[1]
        if cryptedpasswd:
            if cryptedpasswd == 'x' or cryptedpasswd == '*':
                raise ValueError('no support for shadow passwords')
            cleartext = getpass.getpass()
            # Re-hash with the stored hash as salt and compare in constant time
            return compare_hash(crypt.crypt(cleartext, cryptedpasswd), cryptedpasswd)
        else:
            return True
To generate a hash of a password using the strongest available method and check it against the original:
    import crypt
    import getpass
    from hmac import compare_digest as compare_hash

    plaintext = getpass.getpass()  # password to hash, read without echo
    hashed = crypt.crypt(plaintext)
    if not compare_hash(hashed, crypt.crypt(plaintext, hashed)):
        raise ValueError("hashed version doesn't validate against original")
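The following is an added example, not code from the Python documentation: it combines mksalt(), crypt() and the $digit$ prefix described above into a verify-and-upgrade check that recognises which method a stored hash uses and re-hashes it with the strongest available method once the password has been verified. The function names (method_name, needs_rehash, hash_password, verify_password, verify_and_upgrade) are the author's own.

```python
# Added example (not from the Python docs): hash with the strongest available
# method, verify in constant time, and flag weak stored hashes for re-hashing.
# The crypt module was deprecated in Python 3.11 and removed in 3.13.
import hmac

try:
    import crypt
except ImportError:  # Python >= 3.13, or a platform without crypt(3)
    crypt = None

# Modular Crypt Format identifiers taken from the $digit$ prefix.
MCF_IDS = {'1': 'MD5', '5': 'SHA256', '6': 'SHA512'}
STRONG_METHODS = ('SHA512', 'SHA256')

def method_name(hashed):
    """Return the method name encoded in a crypt string, or 'UNKNOWN'."""
    if hashed.startswith('$'):
        parts = hashed.split('$')  # ['', '6', salt, hash]; a 'rounds=' field may precede salt
        if len(parts) >= 3:
            return MCF_IDS.get(parts[1], 'UNKNOWN')
        return 'UNKNOWN'
    # Traditional DES form: 2-character salt followed by 11 hash characters.
    return 'CRYPT' if len(hashed) == 13 else 'UNKNOWN'

def needs_rehash(hashed):
    """True when the stored hash uses a method weaker than SHA-256/SHA-512."""
    return method_name(hashed) not in STRONG_METHODS

def hash_password(password, method=None):
    """Hash with mksalt(method); method=None uses crypt.methods[0], the strongest."""
    return crypt.crypt(password, crypt.mksalt(method))

def verify_password(password, hashed):
    """Constant-time check; the stored hash doubles as the salt, as recommended above."""
    candidate = crypt.crypt(password, hashed)
    if candidate is None:  # salt format unsupported by this platform's crypt(3)
        return False
    return hmac.compare_digest(candidate, hashed)

def verify_and_upgrade(password, hashed):
    """Return (ok, new_hash); new_hash is set only on success with a weak stored hash."""
    if not verify_password(password, hashed):
        return False, None
    if needs_rehash(hashed):
        new_hash = hash_password(password)
        if not needs_rehash(new_hash):  # upgrade only if a stronger method exists here
            return True, new_hash
    return True, None
```

Because crypt.methods is probed at import time, hash_password() with the default method works on any platform where the module imports, while the upgrade step is skipped on platforms whose crypt(3) offers nothing stronger than the stored hash.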
