Over the years I've written the same code over and over to create a random salt string of 2 characters. Worse, the Modular Crypt Format is difficult to find documentation on, so creating stronger hashed passwords is difficult to get right.
By this, I mean things like:
    crypt.crypt('password', 'xJ')
    crypt.crypt('password', '$1$/gL8bA.z')
    crypt.crypt('password', '$6$/uPNNoSGrlc0Kf0go')
To that end, I'm proposing the addition of a "mksalt()" method which will generate a salt, and several METHOD_* values to select which hashing method to use.
I also figure there will need to be a "methods()" call that figures out what methods are available in the library crypt() and returns a list of the available ones.
If we have a way to generate a salt, then I figure we could drop the salt argument of crypt.crypt(), and, if not specified, generate one. So to hash a password you could do: "crypt.crypt('password')".
I figure that the best way to accomplish this is to implement this all in Python and move the existing C crypt module to _crypt.
I've created an issue: http://bugs.python.org/issue10924 with this description and a patch to accomplish the above.
Thoughts and review?
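Added example, not the patch attached to the issue and not code from this thread: a sketch of salt generation and salt-string parsing for the three Modular Crypt Format shapes shown in the post. The METHOD_* tuples, METHODS, parse_salt() and the use of the secrets module are assumptions of this example, as are the salt lengths of 2, 8 and 16 characters (the limits glibc's crypt() applies).

```python
import secrets
import string

# Salt alphabet accepted by crypt(3): ./0-9A-Za-z
SALT_CHARS = "./" + string.digits + string.ascii_letters

# (Modular Crypt Format prefix, number of salt characters used).
# Hypothetical stand-ins for the proposed METHOD_* values.
METHOD_CRYPT = ("", 2)        # traditional DES, e.g. 'xJ'
METHOD_MD5 = ("$1$", 8)       # e.g. '$1$/gL8bA.z'
METHOD_SHA512 = ("$6$", 16)   # e.g. '$6$/uPNNoSGrlc0Kf0go'
METHODS = {"crypt": METHOD_CRYPT, "md5": METHOD_MD5, "sha512": METHOD_SHA512}


def mksalt(method=METHOD_SHA512):
    """Return a fresh salt string for the given method."""
    prefix, length = method
    # secrets draws from the OS CSPRNG (a choice made for this example)
    return prefix + "".join(secrets.choice(SALT_CHARS) for _ in range(length))


def parse_salt(salt):
    """Return (method name, salt characters actually used) or raise ValueError."""
    if salt.startswith("$"):
        for name, (prefix, length) in METHODS.items():
            if prefix and salt.startswith(prefix):
                # The salt ends at the next '$'; characters past the limit
                # are ignored. A 'rounds=N$' field is not handled here.
                body = salt[len(prefix):].split("$", 1)[0][:length]
                break
        else:
            raise ValueError("unknown method prefix in %r" % salt)
    else:
        name, body = "crypt", salt[:2]
        if len(body) < 2:
            raise ValueError("traditional salt needs 2 characters")
    if not body or not set(body) <= set(SALT_CHARS):
        raise ValueError("empty or invalid salt in %r" % salt)
    return name, body


if __name__ == "__main__":
    for sample in ("xJ", "$1$/gL8bA.z", "$6$/uPNNoSGrlc0Kf0go", mksalt()):
        print(sample, "->", parse_salt(sample))
```

The '$6$' sample from the post carries 17 salt characters, so parse_salt() reports only the first 16 as the effective salt.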
1) Minor API note: I'd expect a dict of hashes to their respective crypt functions
2) Is there any leverage for possibly including stronger KDFs, such as scrypt or possibly bcrypt into Python? People have created nice C bindings for both, and licenses permit it. That would make the crypt module good for storing passwords too, as well as being good for comparing them to some particular format.
On 01/17/2011 04:54 AM, Laurens Van Houtven wrote:
> - Minor API note: I'd expect a dict of hashes to their respective
I don't follow what you mean, sorry. Can you provide an example?
> - Is there any leverage for possibly including stronger KDFs, such as
> scrypt or possibly bcrypt into Python? People have created nice C
Possibly, but I'd say that's beyond the scope of this patch and would need to be a separate patch. This patch is about adding salt functions to the existing module which wraps the C library function crypt(), which requires a salt argument but provides no helpers to generate them.