diff options
author | Martin v. Löwis <martin@v.loewis.de> | 2004-07-26 12:05:16 (GMT) |
---|---|---|
committer | Martin v. Löwis <martin@v.loewis.de> | 2004-07-26 12:05:16 (GMT) |
commit | 37ead8f1c324e73a75c4bb36582ff49cb2220065 (patch) | |
tree | ccca2bfde1290529107874739623900d4b926225 /Doc/lib/libcrypt.tex | |
parent | abba5c067d42e3ecf3ad018f8ae98f60ef1ca170 (diff) | |
download | cpython-37ead8f1c324e73a75c4bb36582ff49cb2220065.zip cpython-37ead8f1c324e73a75c4bb36582ff49cb2220065.tar.gz cpython-37ead8f1c324e73a75c4bb36582ff49cb2220065.tar.bz2 |
Patch #997668: Correct explanation of salts.
Will backport to 2.3.
Diffstat (limited to 'Doc/lib/libcrypt.tex')
-rw-r--r-- | Doc/lib/libcrypt.tex | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/Doc/lib/libcrypt.tex b/Doc/lib/libcrypt.tex index 20d9bb2..b6a1463 100644 --- a/Doc/lib/libcrypt.tex +++ b/Doc/lib/libcrypt.tex @@ -17,6 +17,10 @@ the \UNIX{} man page for further details. Possible uses include allowing Python scripts to accept typed passwords from the user, or attempting to crack \UNIX{} passwords with a dictionary. +Notice that the behavior of this module depends on the actual implementation +of the \manpage{crypt}{3}\index{crypt(3)} routine in the running system. +Therefore, any extensions available on the current implementation will also +be available on this module. \begin{funcdesc}{crypt}{word, salt} \var{word} will usually be a user's password as typed at a prompt or in a graphical interface. \var{salt} is usually a random @@ -25,6 +29,10 @@ attempting to crack \UNIX{} passwords with a dictionary. set \regexp{[./a-zA-Z0-9]}. Returns the hashed password as a string, which will be composed of characters from the same alphabet as the salt (the first two characters represent the salt itself). + + Since a few \manpage{crypt}{3}\index{crypt(3)} extensions allow different + values, with different sizes in the \var{salt}, it is recommended to use + the full crypted password as salt when checking for a password. \end{funcdesc} @@ -40,7 +48,7 @@ def login(): if cryptedpasswd == 'x' or cryptedpasswd == '*': raise "Sorry, currently no support for shadow passwords" cleartext = getpass.getpass() - return crypt.crypt(cleartext, cryptedpasswd[:2]) == cryptedpasswd + return crypt.crypt(cleartext, cryptedpasswd) == cryptedpasswd else: return 1 \end{verbatim} |