How to re-implement the crypt.crypt function?

Roy Smith roy at panix.com
Sat Mar 10 21:15:46 CET 2012


In article 
<28304124.1374.1331408016748.JavaMail.geo-discussion-forums at yncd8>,
 Cosmia Luna <cosmius at gmail.com> wrote:

> I'm not searching for a full solution and only want to know how to use 
> hashlib to create a equivalent string like 
> 
> crypt.crypt('123456', '$6$ds41p/9VMA.BHH0U') returns the string below. 
> 
> '$6$ds41p/9VMA.BHH0U$yv25s7jLxTRKLDNjIvT0Qc2jbcqdFRi5.PftO3cveTvjK49JhwCarIowO
> frrNPD/PpYT3n6oNDIbjAONh8RXt1'
> [...]
> I can't use crypt.crypt because of the 
> consideration of cross-platform.

Just out of curiosity, why do you want to do this?  The python crypt 
module uses the crypt library supplied by the operating system (which is 
why it only works on unix).  The algorithm implemented is a modification 
of DES, i.e. a salt string is used to change some of the tables used in 
the DES computation.  It goes back to the ancient days of unix.

By today's standards, the algorithm isn't considered very strong.  The 
only place I'm aware that uses it is unix password files, and even there 
many (most?) systems have replaced it with something stronger such as 
SHA1.  Maybe Apache .htaccess files?

I don't know what your use case is, but unless you're doing something 
silly like trying to execute a dictionary attack against a unix password 
file, it's almost certain that you'd do better to just use SHA1.



More information about the Python-list mailing list