Adding salt and Modular Crypt Format to crypt library.
Over the years I've written the same code over and over to create a random
salt string of 2 characters. Worse, the Modular Crypt Format is difficult
to find documentation on, so creating stronger hashed passwords is
difficult to get right.
By this, I mean things like:
    crypt.crypt('password', 'xJ')
    crypt.crypt('password', '$1$/gL8bA.z')
    crypt.crypt('password', '$6$/uPNNoSGrlc0Kf0go')
To that end, I'm proposing the addition of a "mksalt()" method which will
generate a salt, and several METHOD_* values to select which hashing method
to use.
I also figure there will need to be a "methods()" call that figures out
what methods are available in the library crypt() and return a list of the
available ones.
If we have a way to generate a salt, then I figure we could drop the salt
argument of crypt.crypt(), and, if not specified, generate one. So to
hash a password you could do: "crypt.crypt('password')".
I figure that the best way to accomplish this is to implement this all in
Python and move the existing C crypt module to _crypt.
I've created an issue: http://bugs.python.org/issue10924
with this description and a patch to accomplish the above.
Thoughts and review?
Thanks,
Sean
--
I have a large collection of sea shells, which I keep scattered on beaches
around the world. Maybe you've seen it... -- Steven Wright
Sean Reifschneider, Member of Technical Staff
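The salt strings shown in the message above, as an added example that is not part of the thread or of the patch attached to the issue: a generator and a parser for the three formats. The names make_salt, parse_salt and METHODS are hypothetical, and the method ids and salt lengths assume glibc's crypt(3).

```python
import secrets
import string

# Salt alphabet used by crypt(3): "./" plus digits and ASCII letters.
SALT_CHARS = "./" + string.digits + string.ascii_letters

# method name -> (Modular Crypt Format id, salt length). None means the
# traditional scheme: no "$id$" prefix, exactly 2 salt characters.
# Ids and lengths follow glibc's crypt(3) (an assumption of this example).
METHODS = {
    "crypt": (None, 2),
    "md5": ("1", 8),
    "sha256": ("5", 16),
    "sha512": ("6", 16),
}
BY_ID = {ident: name for name, (ident, _) in METHODS.items() if ident}


def make_salt(method="sha512"):
    """Return a random salt, carrying the "$id$" prefix if the method has one."""
    ident, length = METHODS[method]
    salt = "".join(secrets.choice(SALT_CHARS) for _ in range(length))
    return salt if ident is None else "${}${}".format(ident, salt)


def parse_salt(value):
    """Return (method, effective_salt) for a salt string or a full hash."""
    if value.startswith("$"):
        parts = value.split("$")  # "$6$abc$hash" -> ["", "6", "abc", "hash"]
        if len(parts) < 3 or parts[1] not in BY_ID:
            raise ValueError("unknown or truncated modular crypt string")
        method, fields = BY_ID[parts[1]], parts[2:]
        if fields[0].startswith("rounds=") and len(fields) > 1:
            fields = fields[1:]  # optional cost field of the SHA methods
        salt = fields[0]
    else:
        method, salt = "crypt", value
        if len(salt) < 2:
            raise ValueError("traditional salt needs 2 characters")
    # glibc ignores salt characters beyond the method's maximum.
    salt = salt[:METHODS[method][1]]
    if not salt or set(salt) - set(SALT_CHARS):
        raise ValueError("empty salt or character outside ./0-9A-Za-z")
    return method, salt
```

The '$6$' salt quoted in the message is 17 characters long, so parse_salt reports only its first 16 as the effective salt.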
Hi Sean
1) Minor API note: I'd expect a dict of hashes to their respective crypt functions
2) Is there any leverage for possibly including stronger KDFs, such as scrypt or possibly bcrypt into Python? People have created nice C bindings for both, and licenses permit it. That would make the crypt module good for storing passwords too, as well as being good for comparing them to some particular format.
cheers
lvh
On 01/17/2011 04:54 AM, Laurens Van Houtven wrote:
> 1) Minor API note: I'd expect a dict of hashes to their respective crypt functions
I don't follow what you mean, sorry. Can you provide an example?
> 2) Is there any leverage for possibly including stronger KDFs, such as scrypt or possibly bcrypt into Python? People have created nice C
Possibly, but I'd say that's beyond the scope of this patch and would need to be a separate patch. This patch is about adding salt functions to the existing module which wraps the C library function crypt(), which requires a salt argument but provides no helpers to generate them.
Sean