blob: b6a14635b56acc2923a17c71cef35ff4ba87909d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
\section{\module{crypt} ---
Function to check \UNIX{} passwords}
\declaremodule{builtin}{crypt}
\platform{Unix}
\modulesynopsis{The \cfunction{crypt()} function used to check
\UNIX\ passwords.}
\moduleauthor{Steven D. Majewski}{sdm7g@virginia.edu}
\sectionauthor{Steven D. Majewski}{sdm7g@virginia.edu}
\sectionauthor{Peter Funk}{pf@artcom-gmbh.de}
This module implements an interface to the
\manpage{crypt}{3}\index{crypt(3)} routine, which is a one-way hash
function based upon a modified DES\indexii{cipher}{DES} algorithm; see
the \UNIX{} man page for further details. Possible uses include
allowing Python scripts to accept typed passwords from the user, or
attempting to crack \UNIX{} passwords with a dictionary.
Notice that the behavior of this module depends on the actual implementation
of the \manpage{crypt}{3}\index{crypt(3)} routine in the running system.
Therefore, any extensions available on the current implementation will also
be available on this module.
\begin{funcdesc}{crypt}{word, salt}
\var{word} will usually be a user's password as typed at a prompt or
in a graphical interface. \var{salt} is usually a random
two-character string which will be used to perturb the DES algorithm
in one of 4096 ways. The characters in \var{salt} must be in the
set \regexp{[./a-zA-Z0-9]}. Returns the hashed password as a
string, which will be composed of characters from the same alphabet
as the salt (the first two characters represent the salt itself).
Since a few \manpage{crypt}{3}\index{crypt(3)} extensions allow different
values, with different sizes in the \var{salt}, it is recommended to use
the full crypted password as salt when checking for a password.
\end{funcdesc}
A simple example illustrating typical use:
\begin{verbatim}
import crypt, getpass, pwd
def login():
username = raw_input('Python login:')
cryptedpasswd = pwd.getpwnam(username)[1]
if cryptedpasswd:
if cryptedpasswd == 'x' or cryptedpasswd == '*':
raise "Sorry, currently no support for shadow passwords"
cleartext = getpass.getpass()
return crypt.crypt(cleartext, cryptedpasswd) == cryptedpasswd
else:
return 1
\end{verbatim}
|