crypt —- Function to check Unix passwords
Source code:Lib/crypt.py
This module implements an interface to the crypt(3) routine, which isa one-way hash function based upon a modified DES algorithm; see the Unix manpage for further details. Possible uses include storing hashed passwordsso you can check passwords without storing the actual password, or attemptingto crack Unix passwords with a dictionary.
Notice that the behavior of this module depends on the actual implementation ofthe crypt(3) routine in the running system. Therefore, anyextensions available on the current implementation will also be available onthis module.
Hashing Methods
3.3 新版功能.
The crypt
module defines the list of hashing methods (not all methodsare available on all platforms):
crypt.
METHOD_SHA512
- A Modular Crypt Format method with 16 character salt and 86 characterhash based on the SHA-512 hash function. This is the strongest method.
crypt.
METHOD_SHA256
- Another Modular Crypt Format method with 16 character salt and 43character hash based on the SHA-256 hash function.
crypt.
METHOD_BLOWFISH
- Another Modular Crypt Format method with 22 character salt and 31character hash based on the Blowfish cipher.
3.7 新版功能.
crypt.
METHOD_MD5
- Another Modular Crypt Format method with 8 character salt and 22character hash based on the MD5 hash function.
crypt.
METHOD_CRYPT
- The traditional method with a 2 character salt and 13 characters ofhash. This is the weakest method.
Module Attributes
3.3 新版功能.
crypt.
methods
- A list of available password hashing algorithms, as
crypt.METHOD_*
objects. This list is sorted from strongest toweakest.
模块函数
The crypt
module defines the following functions:
crypt.
crypt
(word, salt=None)- word will usually be a user's password as typed at a prompt or in a graphicalinterface. The optional salt is either a string as returned from
mksalt()
, one of thecrypt.METHOD*
values (though not allmay be available on all platforms), or a full encrypted passwordincluding salt, as returned by this function. If _salt is notprovided, the strongest method will be used (as returned bymethods()
).
Checking a password is usually done by passing the plain-text passwordas word and the full results of a previous crypt()
call,which should be the same as the results of this call.
salt (either a random 2 or 16 character string, possibly prefixed with$digit$
to indicate the method) which will be used to perturb theencryption algorithm. The characters in salt must be in the set[./a-zA-Z0-9]
, with the exception of Modular Crypt Format whichprefixes a $digit$
.
Returns the hashed password as a string, which will be composed ofcharacters from the same alphabet as the salt.
Since a few crypt(3) extensions allow different values, withdifferent sizes in the salt, it is recommended to use the full cryptedpassword as salt when checking for a password.
在 3.3 版更改: Accept crypt.METHOD*
values in addition to strings for _salt.
crypt.
mksalt
(method=None, *, rounds=None)- Return a randomly generated salt of the specified method. If nomethod is given, the strongest method available as returned by
methods()
is used.
The return value is a string suitable for passing as the salt argumentto crypt()
.
rounds specifies the number of rounds for METHOD_SHA256
,METHOD_SHA512
and METHOD_BLOWFISH
.For METHOD_SHA256
and METHOD_SHA512
it must be an integer between1000
and 999_999_999
, the default is 5000
. ForMETHOD_BLOWFISH
it must be a power of two between 16
(24)and 2_147_483_648
(231), the default is 4096
(212).
3.3 新版功能.
在 3.7 版更改: Added the rounds parameter.
例子
A simple example illustrating typical use (a constant-time comparisonoperation is needed to limit exposure to timing attacks.hmac.compare_digest()
is suitable for this purpose):
- import pwd
- import crypt
- import getpass
- from hmac import compare_digest as compare_hash
- def login():
- username = input('Python login: ')
- cryptedpasswd = pwd.getpwnam(username)[1]
- if cryptedpasswd:
- if cryptedpasswd == 'x' or cryptedpasswd == '*':
- raise ValueError('no support for shadow passwords')
- cleartext = getpass.getpass()
- return compare_hash(crypt.crypt(cleartext, cryptedpasswd), cryptedpasswd)
- else:
- return True
To generate a hash of a password using the strongest available method andcheck it against the original:
- import crypt
- from hmac import compare_digest as compare_hash
- hashed = crypt.crypt(plaintext)
- if not compare_hash(hashed, crypt.crypt(plaintext, hashed)):
- raise ValueError("hashed version doesn't validate against original")