Patch #997668: Correct explanation of salts.
Will backport to 2.3.
diff --git a/Doc/lib/libcrypt.tex b/Doc/lib/libcrypt.tex
index 20d9bb2..b6a1463 100644
--- a/Doc/lib/libcrypt.tex
+++ b/Doc/lib/libcrypt.tex
@@ -17,6 +17,10 @@
allowing Python scripts to accept typed passwords from the user, or
attempting to crack \UNIX{} passwords with a dictionary.
+Notice that the behavior of this module depends on the actual implementation
+of the \manpage{crypt}{3}\index{crypt(3)} routine in the running system.
+Therefore, any extensions available on the current implementation will also
+be available on this module.
\begin{funcdesc}{crypt}{word, salt}
\var{word} will usually be a user's password as typed at a prompt or
in a graphical interface. \var{salt} is usually a random
@@ -25,6 +29,10 @@
set \regexp{[./a-zA-Z0-9]}. Returns the hashed password as a
string, which will be composed of characters from the same alphabet
as the salt (the first two characters represent the salt itself).
+
+ Since a few \manpage{crypt}{3}\index{crypt(3)} extensions allow different
+ values, with different sizes in the \var{salt}, it is recommended to use
+ the full crypted password as salt when checking for a password.
\end{funcdesc}
@@ -40,7 +48,7 @@
if cryptedpasswd == 'x' or cryptedpasswd == '*':
raise "Sorry, currently no support for shadow passwords"
cleartext = getpass.getpass()
- return crypt.crypt(cleartext, cryptedpasswd[:2]) == cryptedpasswd
+ return crypt.crypt(cleartext, cryptedpasswd) == cryptedpasswd
else:
return 1
\end{verbatim}