| \section{\module{crypt} --- |
| Function to check \UNIX{} passwords} |
| |
| \declaremodule{builtin}{crypt} |
| \platform{Unix} |
| \modulesynopsis{The \cfunction{crypt()} function used to check |
| \UNIX\ passwords.} |
| \moduleauthor{Steven D. Majewski}{sdm7g@virginia.edu} |
| \sectionauthor{Steven D. Majewski}{sdm7g@virginia.edu} |
| \sectionauthor{Peter Funk}{pf@artcom-gmbh.de} |
| |
| |
| This module implements an interface to the |
| \manpage{crypt}{3}\index{crypt(3)} routine, which is a one-way hash |
| function based upon a modified DES\indexii{cipher}{DES} algorithm; see |
| the \UNIX{} man page for further details. Possible uses include |
| allowing Python scripts to accept typed passwords from the user, or |
| attempting to crack \UNIX{} passwords with a dictionary. |
| |
| Notice that the behavior of this module depends on the actual implementation |
| of the \manpage{crypt}{3}\index{crypt(3)} routine in the running system. |
| Therefore, any extensions available on the current implementation will also |
| be available on this module. |
| \begin{funcdesc}{crypt}{word, salt} |
| \var{word} will usually be a user's password as typed at a prompt or |
| in a graphical interface. \var{salt} is usually a random |
| two-character string which will be used to perturb the DES algorithm |
| in one of 4096 ways. The characters in \var{salt} must be in the |
| set \regexp{[./a-zA-Z0-9]}. Returns the hashed password as a |
| string, which will be composed of characters from the same alphabet |
| as the salt (the first two characters represent the salt itself). |
| |
| Since a few \manpage{crypt}{3}\index{crypt(3)} extensions allow different |
| values, with different sizes in the \var{salt}, it is recommended to use |
| the full crypted password as salt when checking for a password. |
| \end{funcdesc} |
| |
| |
| A simple example illustrating typical use: |
| |
| \begin{verbatim} |
| import crypt, getpass, pwd |
| |
| def login(): |
| username = raw_input('Python login:') |
| cryptedpasswd = pwd.getpwnam(username)[1] |
| if cryptedpasswd: |
| if cryptedpasswd == 'x' or cryptedpasswd == '*': |
| raise "Sorry, currently no support for shadow passwords" |
| cleartext = getpass.getpass() |
| return crypt.crypt(cleartext, cryptedpasswd) == cryptedpasswd |
| else: |
| return 1 |
| \end{verbatim} |