How to re-implement the crypt.crypt function?

Christian Heimes lists at
Sat Mar 10 21:36:42 CET 2012

Am 10.03.2012 21:15, schrieb Roy Smith:
> By today's standards, the algorithm isn't considered very strong.  The 
> only place I'm aware that uses it is unix password files, and even there 
> many (most?) systems have replaced it with something stronger such as 
> SHA1.  Maybe Apache .htaccess files?

The algorithm with identifier 6 is a SHA-512 crypt algorithm with a
lengthy salt (IIRC up to 1024 bits) and 40,000 rounds of SHA-512. It's
the default algorithm on modern Linux machines and believed to be very

The large salt makes a rainbow table attack impossible and the 40,000
rounds require a lot of CPU time, even on modern systems.


More information about the Python-list mailing list