61 lines
2.3 KiB
TeX
61 lines
2.3 KiB
TeX
\section{\module{crypt} ---
|
|
Function to check \UNIX{} passwords}
|
|
|
|
\declaremodule{builtin}{crypt}
|
|
\platform{Unix}
|
|
\modulesynopsis{The \cfunction{crypt()} function used to check
|
|
\UNIX\ passwords.}
|
|
\moduleauthor{Steven D. Majewski}{sdm7g@virginia.edu}
|
|
\sectionauthor{Steven D. Majewski}{sdm7g@virginia.edu}
|
|
\sectionauthor{Peter Funk}{pf@artcom-gmbh.de}
|
|
|
|
|
|
This module implements an interface to the
|
|
\manpage{crypt}{3}\index{crypt(3)} routine, which is a one-way hash
|
|
function based upon a modified DES\indexii{cipher}{DES} algorithm; see
|
|
the \UNIX{} man page for further details. Possible uses include
|
|
allowing Python scripts to accept typed passwords from the user, or
|
|
attempting to crack \UNIX{} passwords with a dictionary.
|
|
|
|
Notice that the behavior of this module depends on the actual implementation
|
|
of the \manpage{crypt}{3}\index{crypt(3)} routine in the running system.
|
|
Therefore, any extensions available on the current implementation will also
|
|
be available on this module.
|
|
\begin{funcdesc}{crypt}{word, salt}
|
|
\var{word} will usually be a user's password as typed at a prompt or
|
|
in a graphical interface. \var{salt} is usually a random
|
|
two-character string which will be used to perturb the DES algorithm
|
|
in one of 4096 ways. The characters in \var{salt} must be in the
|
|
set \regexp{[./a-zA-Z0-9]}. Returns the hashed password as a
|
|
string, which will be composed of characters from the same alphabet
|
|
as the salt (the first two characters represent the salt itself).
|
|
|
|
Since a few \manpage{crypt}{3}\index{crypt(3)} extensions allow different
|
|
values, with different sizes in the \var{salt}, it is recommended to use
|
|
the full crypted password as salt when checking for a password.
|
|
\end{funcdesc}
|
|
|
|
|
|
A simple example illustrating typical use:
|
|
|
|
\begin{verbatim}
|
|
import crypt, getpass, pwd
|
|
|
|
def raw_input(prompt):
|
|
import sys
|
|
sys.stdout.write(prompt)
|
|
sys.stdout.flush()
|
|
return sys.stdin.readline()
|
|
|
|
def login():
|
|
username = raw_input('Python login:')
|
|
cryptedpasswd = pwd.getpwnam(username)[1]
|
|
if cryptedpasswd:
|
|
if cryptedpasswd == 'x' or cryptedpasswd == '*':
|
|
raise "Sorry, currently no support for shadow passwords"
|
|
cleartext = getpass.getpass()
|
|
return crypt.crypt(cleartext, cryptedpasswd) == cryptedpasswd
|
|
else:
|
|
return 1
|
|
\end{verbatim}
|