[Python-ideas] Adding salt and Modular Crypt Format to crypt library.

Sean Reifschneider jafo at tummy.com
Mon Jan 17 08:11:20 CET 2011

Over the years I've written the same code over and over to create a random
salt string of 2 characters.  Worse, the Modular Crypt Format is difficult
to find documentation on, so creating stronger hashed passwords is
difficult to get right.

By this, I mean things like:

   crypt.crypt('password', 'xJ')
   crypt.crypt('password', '$1$/gL8bA.z')
   crypt.crypt('password', '$6$/uPNNoSGrlc0Kf0go')

To that end, I'm proposing the addition of a "mksalt()" method which will
generate a salt, and several METHOD_* values to select which hashing method
to use.

I also figure there will need to be a "methods()" call that figures out
what methods are available in the library crypt() and return a list of the
available ones.

If we have a way to generate a salt, then I figure we could drop the salt
argument of crypt.crypt(), and if not specified to generate one.  So to
hash a password you could do: "crypt.crypt('password')".

I figure that the best way to accomplish this is to implement this all in
Python and move the existing C crypt module to _crypt.

I've created an issue: http://bugs.python.org/issue10924
with this description and a patch to accomplish the above.

Thoughts and review?

 I have a large collection of sea shells, which I keep scattered on beaches
 around the world.  Maybe you've seen it...  -- Steven Wright
Sean Reifschneider, Member of Technical Staff <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995: Ask me about High Availability

More information about the Python-ideas mailing list