Over the years I've written the same code over and over to create a random salt string of 2 characters. Worse, the Modular Crypt Format is difficult to find documentation on, so creating stronger hashed passwords is difficult to get right.
By this, I mean things like:
crypt.crypt('password', 'xJ') crypt.crypt('password', '$1$/gL8bA.z') crypt.crypt('password', '$6$/uPNNoSGrlc0Kf0go')
To that end, I'm proposing the addition of a "mksalt()" method which will generate a salt, and several METHOD_* values to select which hashing method to use.
I also figure there will need to be a "methods()" call that figures out what methods are available in the library crypt() and return a list of the available ones.
If we have a way to generate a salt, then I figure we could drop the salt argument of crypt.crypt(), and if not specified to generate one. So to hash a password you could do: "crypt.crypt('password')".
I figure that the best way to accomplish this is to implement this all in Python and move the existing C crypt module to _crypt.
I've created an issue: http://bugs.python.org/issue10924 with this description and a patch to accomplish the above.
Thoughts and review?
I have a large collection of sea shells, which I keep scattered on beaches around the world. Maybe you've seen it... -- Steven Wright Sean Reifschneider, Member of Technical Staff email@example.com tummy.com, ltd. - Linux Consulting since 1995: Ask me about High Availability
1) Minor API note: I'd expect a dict of hashes to their respective crypt functions 2) Is there any leverage for possibly including stronger KDFs, such as scrypt or possibly bcrypt into Python? People have created nice C bindings for both, and licenses permit it. That would make the crypt module good for storing passwords too, as well as being good for comparing them to some particular format.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/17/2011 04:54 AM, Laurens Van Houtven wrote:
1) Minor API note: I'd expect a dict of hashes to their respective crypt functions
I don't follow what you mean, sorry. Can you provide an example?
2) Is there any leverage for possibly including stronger KDFs, such as scrypt or possibly bcrypt into Python? People have created nice C
Possibly, but I'd say that's beyond the scope of this patch and would need to be a separate patch. This patch is about adding salt functions to the existing module which wraps the C library function crypt(), which requires a salt argument but provides no helpers to generate them.
iD8DBQFNNDQCxUhyMYEjVX0RAg/2AKC6Q3WYL5YV/LME02H9HvPYSxrISwCcCAuD +9cPhYOTX3pYYK31hLN1RBk= =lhYv -----END PGP SIGNATURE-----