Doc/lib/libcrypt.tex - platform/external/python/cpython3 - Gitiles

 \section{\module{crypt} ---
          Function to check \UNIX{} passwords}

 \declaremodule{builtin}{crypt}
   \platform{Unix}
 \modulesynopsis{The \cfunction{crypt()} function used to check
   \UNIX\ passwords.}
 \moduleauthor{Steven D. Majewski}{sdm7g@virginia.edu}
 \sectionauthor{Steven D. Majewski}{sdm7g@virginia.edu}
 \sectionauthor{Peter Funk}{pf@artcom-gmbh.de}


 This module implements an interface to the
 \manpage{crypt}{3}\index{crypt(3)} routine, which is a one-way hash
 function based upon a modified DES\indexii{cipher}{DES} algorithm; see
 the \UNIX{} man page for further details.  Possible uses include
 allowing Python scripts to accept typed passwords from the user, or
 attempting to crack \UNIX{} passwords with a dictionary.

 Notice that the behavior of this module depends on the actual implementation
 of the \manpage{crypt}{3}\index{crypt(3)} routine in the running system.
 Therefore, any extensions available on the current implementation will also
 be available on this module.
 \begin{funcdesc}{crypt}{word, salt}
   \var{word} will usually be a user's password as typed at a prompt or
   in a graphical interface.  \var{salt} is usually a random
   two-character string which will be used to perturb the DES algorithm
   in one of 4096 ways.  The characters in \var{salt} must be in the
   set \regexp{[./a-zA-Z0-9]}.  Returns the hashed password as a
   string, which will be composed of characters from the same alphabet
    as the salt (the first two characters represent the salt itself).

   Since a few \manpage{crypt}{3}\index{crypt(3)} extensions allow different
   values, with different sizes in the \var{salt}, it is recommended to use
   the full crypted password as salt when checking for a password.
 \end{funcdesc}


 A simple example illustrating typical use:

 \begin{verbatim}
 import crypt, getpass, pwd

 def login():
     username = raw_input('Python login:')
     cryptedpasswd = pwd.getpwnam(username)[1]
     if cryptedpasswd:
         if cryptedpasswd == 'x' or cryptedpasswd == '*':
             raise "Sorry, currently no support for shadow passwords"
         cleartext = getpass.getpass()
         return crypt.crypt(cleartext, cryptedpasswd) == cryptedpasswd
     else:
         return 1
 \end{verbatim}
	\section{\module{crypt} ---
	Function to check \UNIX{} passwords}

	\declaremodule{builtin}{crypt}
	\platform{Unix}
	\modulesynopsis{The \cfunction{crypt()} function used to check
	\UNIX\ passwords.}
	\moduleauthor{Steven D. Majewski}{sdm7g@virginia.edu}
	\sectionauthor{Steven D. Majewski}{sdm7g@virginia.edu}
	\sectionauthor{Peter Funk}{pf@artcom-gmbh.de}


	This module implements an interface to the
	\manpage{crypt}{3}\index{crypt(3)} routine, which is a one-way hash
	function based upon a modified DES\indexii{cipher}{DES} algorithm; see
	the \UNIX{} man page for further details. Possible uses include
	allowing Python scripts to accept typed passwords from the user, or
	attempting to crack \UNIX{} passwords with a dictionary.

	Notice that the behavior of this module depends on the actual implementation
	of the \manpage{crypt}{3}\index{crypt(3)} routine in the running system.
	Therefore, any extensions available on the current implementation will also
	be available on this module.
	\begin{funcdesc}{crypt}{word, salt}
	\var{word} will usually be a user's password as typed at a prompt or
	in a graphical interface. \var{salt} is usually a random
	two-character string which will be used to perturb the DES algorithm
	in one of 4096 ways. The characters in \var{salt} must be in the
	set \regexp{[./a-zA-Z0-9]}. Returns the hashed password as a
	string, which will be composed of characters from the same alphabet
	as the salt (the first two characters represent the salt itself).

	Since a few \manpage{crypt}{3}\index{crypt(3)} extensions allow different
	values, with different sizes in the \var{salt}, it is recommended to use
	the full crypted password as salt when checking for a password.
	\end{funcdesc}


	A simple example illustrating typical use:

	\begin{verbatim}
	import crypt, getpass, pwd

	def login():
	username = raw_input('Python login:')
	cryptedpasswd = pwd.getpwnam(username)[1]
	if cryptedpasswd:
	if cryptedpasswd == 'x' or cryptedpasswd == '*':
	raise "Sorry, currently no support for shadow passwords"
	cleartext = getpass.getpass()
	return crypt.crypt(cleartext, cryptedpasswd) == cryptedpasswd
	else:
	return 1
	\end{verbatim}