mirror of https://github.com/python/cpython
60 lines
2.2 KiB
ReStructuredText
60 lines
2.2 KiB
ReStructuredText
:mod:`crypt` --- Function to check Unix passwords
|
|
=================================================
|
|
|
|
.. module:: crypt
|
|
:platform: Unix
|
|
:synopsis: The crypt() function used to check Unix passwords.
|
|
.. moduleauthor:: Steven D. Majewski <sdm7g@virginia.edu>
|
|
.. sectionauthor:: Steven D. Majewski <sdm7g@virginia.edu>
|
|
.. sectionauthor:: Peter Funk <pf@artcom-gmbh.de>
|
|
|
|
|
|
.. index::
|
|
single: crypt(3)
|
|
pair: cipher; DES
|
|
|
|
This module implements an interface to the :manpage:`crypt(3)` routine, which is
|
|
a one-way hash function based upon a modified DES algorithm; see the Unix man
|
|
page for further details. Possible uses include allowing Python scripts to
|
|
accept typed passwords from the user, or attempting to crack Unix passwords with
|
|
a dictionary.
|
|
|
|
.. index:: single: crypt(3)
|
|
|
|
Notice that the behavior of this module depends on the actual implementation of
|
|
the :manpage:`crypt(3)` routine in the running system. Therefore, any
|
|
extensions available on the current implementation will also be available on
|
|
this module.
|
|
|
|
|
|
.. function:: crypt(word, salt)
|
|
|
|
*word* will usually be a user's password as typed at a prompt or in a graphical
|
|
interface. *salt* is usually a random two-character string which will be used
|
|
to perturb the DES algorithm in one of 4096 ways. The characters in *salt* must
|
|
be in the set ``[./a-zA-Z0-9]``. Returns the hashed password as a string, which
|
|
will be composed of characters from the same alphabet as the salt (the first two
|
|
characters represent the salt itself).
|
|
|
|
.. index:: single: crypt(3)
|
|
|
|
Since a few :manpage:`crypt(3)` extensions allow different values, with
|
|
different sizes in the *salt*, it is recommended to use the full crypted
|
|
password as salt when checking for a password.
|
|
|
|
A simple example illustrating typical use::
|
|
|
|
import crypt, getpass, pwd
|
|
|
|
def login():
|
|
username = input('Python login:')
|
|
cryptedpasswd = pwd.getpwnam(username)[1]
|
|
if cryptedpasswd:
|
|
if cryptedpasswd == 'x' or cryptedpasswd == '*':
|
|
raise "Sorry, currently no support for shadow passwords"
|
|
cleartext = getpass.getpass()
|
|
return crypt.crypt(cleartext, cryptedpasswd) == cryptedpasswd
|
|
else:
|
|
return 1
|
|
|