summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin v. Löwis <martin@v.loewis.de>2004-07-26 12:05:16 (GMT)
committerMartin v. Löwis <martin@v.loewis.de>2004-07-26 12:05:16 (GMT)
commit37ead8f1c324e73a75c4bb36582ff49cb2220065 (patch)
treeccca2bfde1290529107874739623900d4b926225
parentabba5c067d42e3ecf3ad018f8ae98f60ef1ca170 (diff)
downloadcpython-37ead8f1c324e73a75c4bb36582ff49cb2220065.zip
cpython-37ead8f1c324e73a75c4bb36582ff49cb2220065.tar.gz
cpython-37ead8f1c324e73a75c4bb36582ff49cb2220065.tar.bz2
Patch #997668: Correct explanation of salts.
Will backport to 2.3.
-rw-r--r--Doc/lib/libcrypt.tex10
1 files changed, 9 insertions, 1 deletions
diff --git a/Doc/lib/libcrypt.tex b/Doc/lib/libcrypt.tex
index 20d9bb2..b6a1463 100644
--- a/Doc/lib/libcrypt.tex
+++ b/Doc/lib/libcrypt.tex
@@ -17,6 +17,10 @@ the \UNIX{} man page for further details. Possible uses include
allowing Python scripts to accept typed passwords from the user, or
attempting to crack \UNIX{} passwords with a dictionary.
+Notice that the behavior of this module depends on the actual implementation
+of the \manpage{crypt}{3}\index{crypt(3)} routine in the running system.
+Therefore, any extensions available on the current implementation will also
+be available on this module.
\begin{funcdesc}{crypt}{word, salt}
\var{word} will usually be a user's password as typed at a prompt or
in a graphical interface. \var{salt} is usually a random
@@ -25,6 +29,10 @@ attempting to crack \UNIX{} passwords with a dictionary.
set \regexp{[./a-zA-Z0-9]}. Returns the hashed password as a
string, which will be composed of characters from the same alphabet
as the salt (the first two characters represent the salt itself).
+
+ Since a few \manpage{crypt}{3}\index{crypt(3)} extensions allow different
+ values, with different sizes in the \var{salt}, it is recommended to use
+ the full crypted password as salt when checking for a password.
\end{funcdesc}
@@ -40,7 +48,7 @@ def login():
if cryptedpasswd == 'x' or cryptedpasswd == '*':
raise "Sorry, currently no support for shadow passwords"
cleartext = getpass.getpass()
- return crypt.crypt(cleartext, cryptedpasswd[:2]) == cryptedpasswd
+ return crypt.crypt(cleartext, cryptedpasswd) == cryptedpasswd
else:
return 1
\end{verbatim}