| 1 | \section{\module{crypt} ---
|
|---|
| 2 | Function to check \UNIX{} passwords}
|
|---|
| 3 |
|
|---|
| 4 | \declaremodule{builtin}{crypt}
|
|---|
| 5 | \platform{Unix}
|
|---|
| 6 | \modulesynopsis{The \cfunction{crypt()} function used to check
|
|---|
| 7 | \UNIX\ passwords.}
|
|---|
| 8 | \moduleauthor{Steven D. Majewski}{[email protected]}
|
|---|
| 9 | \sectionauthor{Steven D. Majewski}{[email protected]}
|
|---|
| 10 | \sectionauthor{Peter Funk}{[email protected]}
|
|---|
| 11 |
|
|---|
| 12 |
|
|---|
| 13 | This module implements an interface to the
|
|---|
| 14 | \manpage{crypt}{3}\index{crypt(3)} routine, which is a one-way hash
|
|---|
| 15 | function based upon a modified DES\indexii{cipher}{DES} algorithm; see
|
|---|
| 16 | the \UNIX{} man page for further details. Possible uses include
|
|---|
| 17 | allowing Python scripts to accept typed passwords from the user, or
|
|---|
| 18 | attempting to crack \UNIX{} passwords with a dictionary.
|
|---|
| 19 |
|
|---|
| 20 | Notice that the behavior of this module depends on the actual implementation
|
|---|
| 21 | of the \manpage{crypt}{3}\index{crypt(3)} routine in the running system.
|
|---|
| 22 | Therefore, any extensions available on the current implementation will also
|
|---|
| 23 | be available on this module.
|
|---|
| 24 | \begin{funcdesc}{crypt}{word, salt}
|
|---|
| 25 | \var{word} will usually be a user's password as typed at a prompt or
|
|---|
| 26 | in a graphical interface. \var{salt} is usually a random
|
|---|
| 27 | two-character string which will be used to perturb the DES algorithm
|
|---|
| 28 | in one of 4096 ways. The characters in \var{salt} must be in the
|
|---|
| 29 | set \regexp{[./a-zA-Z0-9]}. Returns the hashed password as a
|
|---|
| 30 | string, which will be composed of characters from the same alphabet
|
|---|
| 31 | as the salt (the first two characters represent the salt itself).
|
|---|
| 32 |
|
|---|
| 33 | Since a few \manpage{crypt}{3}\index{crypt(3)} extensions allow different
|
|---|
| 34 | values, with different sizes in the \var{salt}, it is recommended to use
|
|---|
| 35 | the full crypted password as salt when checking for a password.
|
|---|
| 36 | \end{funcdesc}
|
|---|
| 37 |
|
|---|
| 38 |
|
|---|
| 39 | A simple example illustrating typical use:
|
|---|
| 40 |
|
|---|
| 41 | \begin{verbatim}
|
|---|
| 42 | import crypt, getpass, pwd
|
|---|
| 43 |
|
|---|
| 44 | def login():
|
|---|
| 45 | username = raw_input('Python login:')
|
|---|
| 46 | cryptedpasswd = pwd.getpwnam(username)[1]
|
|---|
| 47 | if cryptedpasswd:
|
|---|
| 48 | if cryptedpasswd == 'x' or cryptedpasswd == '*':
|
|---|
| 49 | raise "Sorry, currently no support for shadow passwords"
|
|---|
| 50 | cleartext = getpass.getpass()
|
|---|
| 51 | return crypt.crypt(cleartext, cryptedpasswd) == cryptedpasswd
|
|---|
| 52 | else:
|
|---|
| 53 | return 1
|
|---|
| 54 | \end{verbatim}
|
|---|
