How to re-implement the crypt.crypt function?
Roy Smith
roy at panix.com
Sat Mar 10 15:15:46 EST 2012
In article
<28304124.1374.1331408016748.JavaMail.geo-discussion-forums at yncd8>,
Cosmia Luna <cosmius at gmail.com> wrote:
> I'm not searching for a full solution and only want to know how to use
> hashlib to create a equivalent string like
>
> crypt.crypt('123456', '$6$ds41p/9VMA.BHH0U') returns the string below.
>
> '$6$ds41p/9VMA.BHH0U$yv25s7jLxTRKLDNjIvT0Qc2jbcqdFRi5.PftO3cveTvjK49JhwCarIowO
> frrNPD/PpYT3n6oNDIbjAONh8RXt1'
> [...]
> I can't use crypt.crypt because of the
> consideration of cross-platform.
Just out of curiosity, why do you want to do this? The python crypt
module uses the crypt library supplied by the operating system (which is
why it only works on unix). The algorithm implemented is a modification
of DES, i.e. a salt string is used to change some of the tables used in
the DES computation. It goes back to the ancient days of unix.
By today's standards, the algorithm isn't considered very strong. The
only place I'm aware that uses it is unix password files, and even there
many (most?) systems have replaced it with something stronger such as
SHA1. Maybe Apache .htaccess files?
I don't know what your use case is, but unless you're doing something
silly like trying to execute a dictionary attack against a unix password
file, it's almost certain that you'd do better to just use SHA1.
More information about the Python-list
mailing list