Patch #997668: Correct explanation of salts.

Will backport to 2.3.

1 files changed, 9 insertions, 1 deletions

diff --git a/Doc/lib/libcrypt.tex b/Doc/lib/libcrypt.tex
index 20d9bb2..b6a1463 100644
--- a/Doc/lib/libcrypt.tex
+++ b/Doc/lib/libcrypt.tex
@@ -17,6 +17,10 @@ the \UNIX{} man page for further details.  Possible uses include
 allowing Python scripts to accept typed passwords from the user, or
 attempting to crack \UNIX{} passwords with a dictionary.
 
+Notice that the behavior of this module depends on the actual implementation 
+of the \manpage{crypt}{3}\index{crypt(3)} routine in the running system. 
+Therefore, any extensions available on the current implementation will also 
+be available on this module.
 \begin{funcdesc}{crypt}{word, salt} 
   \var{word} will usually be a user's password as typed at a prompt or 
   in a graphical interface.  \var{salt} is usually a random
@@ -25,6 +29,10 @@ attempting to crack \UNIX{} passwords with a dictionary.
   set \regexp{[./a-zA-Z0-9]}.  Returns the hashed password as a
   string, which will be composed of characters from the same alphabet
    as the salt (the first two characters represent the salt itself).
+
+  Since a few \manpage{crypt}{3}\index{crypt(3)} extensions allow different
+  values, with different sizes in the \var{salt}, it is recommended to use 
+  the full crypted password as salt when checking for a password.
 \end{funcdesc}
 
 
@@ -40,7 +48,7 @@ def login():
         if cryptedpasswd == 'x' or cryptedpasswd == '*': 
             raise "Sorry, currently no support for shadow passwords"
         cleartext = getpass.getpass()
-        return crypt.crypt(cleartext, cryptedpasswd[:2]) == cryptedpasswd
+        return crypt.crypt(cleartext, cryptedpasswd) == cryptedpasswd
     else:
         return 1
 \end{verbatim}