<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>35.5. crypt — Function to check Unix passwords — Python 3.5.3 documentation</title>
<link rel="stylesheet" href="../_static/pydoctheme.css" type="text/css" />
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../',
VERSION: '3.5.3',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
<script type="text/javascript" src="../_static/sidebar.js"></script>
<link rel="search" type="application/opensearchdescription+xml"
title="Search within Python 3.5.3 documentation"
href="../_static/opensearch.xml"/>
<link rel="author" title="About these documents" href="../about.html" />
<link rel="copyright" title="Copyright" href="../copyright.html" />
<link rel="top" title="Python 3.5.3 documentation" href="../contents.html" />
<link rel="up" title="35. Unix Specific Services" href="unix.html" />
<link rel="next" title="35.6. termios — POSIX style tty control" href="termios.html" />
<link rel="prev" title="35.4. grp — The group database" href="grp.html" />
<link rel="shortcut icon" type="image/png" href="../_static/py.png" />
<script type="text/javascript" src="../_static/copybutton.js"></script>
<script type="text/javascript" src="../_static/version_switch.js"></script>
</head>
<body role="document">
<div class="related" role="navigation" aria-label="related navigation">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="../genindex.html" title="General Index"
accesskey="I">index</a></li>
<li class="right" >
<a href="../py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li class="right" >
<a href="termios.html" title="35.6. termios — POSIX style tty control"
accesskey="N">next</a> |</li>
<li class="right" >
<a href="grp.html" title="35.4. grp — The group database"
accesskey="P">previous</a> |</li>
<li><img src="../_static/py.png" alt=""
style="vertical-align: middle; margin-top: -1px"/></li>
<li><a href="https://www.python.org/">Python</a> »</li>
<li>
<span class="version_switcher_placeholder">3.5.3</span>
<a href="../index.html">Documentation </a> »
</li>
<li class="nav-item nav-item-1"><a href="index.html" >The Python Standard Library</a> »</li>
<li class="nav-item nav-item-2"><a href="unix.html" accesskey="U">35. Unix Specific Services</a> »</li>
<li class="right">
<div class="inline-search" style="display: none" role="search">
<form class="inline-search" action="../search.html" method="get">
<input placeholder="Quick search" type="text" name="q" />
<input type="submit" value="Go" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
<script type="text/javascript">$('.inline-search').show(0);</script>
|
</li>
</ul>
</div>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body" role="main">
<div class="section" id="module-crypt">
<span id="crypt-function-to-check-unix-passwords"></span><h1>35.5. <a class="reference internal" href="#module-crypt" title="crypt: The crypt() function used to check Unix passwords. (Unix)"><code class="xref py py-mod docutils literal"><span class="pre">crypt</span></code></a> — Function to check Unix passwords<a class="headerlink" href="#module-crypt" title="Permalink to this headline">¶</a></h1>
<p><strong>Source code:</strong> <a class="reference external" href="https://hg.python.org/cpython/file/3.5/Lib/crypt.py">Lib/crypt.py</a></p>
<hr class="docutils" id="index-0" />
<p>This module implements an interface to the <em class="manpage">crypt(3)</em> routine, which is
a one-way hash function based upon a modified DES algorithm; see the Unix man
page for further details. Possible uses include storing hashed passwords
so you can check passwords without storing the actual password, or attempting
to crack Unix passwords with a dictionary.</p>
<p id="index-1">Notice that the behavior of this module depends on the actual implementation of
the <em class="manpage">crypt(3)</em> routine in the running system. Therefore, any
extensions available on the current implementation will also be available on
this module.</p>
<div class="section" id="hashing-methods">
<h2>35.5.1. Hashing Methods<a class="headerlink" href="#hashing-methods" title="Permalink to this headline">¶</a></h2>
<div class="versionadded">
<p><span class="versionmodified">New in version 3.3.</span></p>
</div>
<p>The <a class="reference internal" href="#module-crypt" title="crypt: The crypt() function used to check Unix passwords. (Unix)"><code class="xref py py-mod docutils literal"><span class="pre">crypt</span></code></a> module defines the list of hashing methods (not all methods
are available on all platforms):</p>
<dl class="data">
<dt id="crypt.METHOD_SHA512">
<code class="descclassname">crypt.</code><code class="descname">METHOD_SHA512</code><a class="headerlink" href="#crypt.METHOD_SHA512" title="Permalink to this definition">¶</a></dt>
<dd><p>A Modular Crypt Format method with 16 character salt and 86 character
hash. This is the strongest method.</p>
</dd></dl>
<dl class="data">
<dt id="crypt.METHOD_SHA256">
<code class="descclassname">crypt.</code><code class="descname">METHOD_SHA256</code><a class="headerlink" href="#crypt.METHOD_SHA256" title="Permalink to this definition">¶</a></dt>
<dd><p>Another Modular Crypt Format method with 16 character salt and 43
character hash.</p>
</dd></dl>
<dl class="data">
<dt id="crypt.METHOD_MD5">
<code class="descclassname">crypt.</code><code class="descname">METHOD_MD5</code><a class="headerlink" href="#crypt.METHOD_MD5" title="Permalink to this definition">¶</a></dt>
<dd><p>Another Modular Crypt Format method with 8 character salt and 22
character hash.</p>
</dd></dl>
<dl class="data">
<dt id="crypt.METHOD_CRYPT">
<code class="descclassname">crypt.</code><code class="descname">METHOD_CRYPT</code><a class="headerlink" href="#crypt.METHOD_CRYPT" title="Permalink to this definition">¶</a></dt>
<dd><p>The traditional method with a 2 character salt and 13 characters of
hash. This is the weakest method.</p>
</dd></dl>
</div>
<div class="section" id="module-attributes">
<h2>35.5.2. Module Attributes<a class="headerlink" href="#module-attributes" title="Permalink to this headline">¶</a></h2>
<div class="versionadded">
<p><span class="versionmodified">New in version 3.3.</span></p>
</div>
<dl class="attribute">
<dt id="crypt.methods">
<code class="descclassname">crypt.</code><code class="descname">methods</code><a class="headerlink" href="#crypt.methods" title="Permalink to this definition">¶</a></dt>
<dd><p>A list of available password hashing algorithms, as
<code class="docutils literal"><span class="pre">crypt.METHOD_*</span></code> objects. This list is sorted from strongest to
weakest, and is guaranteed to have at least <code class="docutils literal"><span class="pre">crypt.METHOD_CRYPT</span></code>.</p>
</dd></dl>
</div>
<div class="section" id="module-functions">
<h2>35.5.3. Module Functions<a class="headerlink" href="#module-functions" title="Permalink to this headline">¶</a></h2>
<p>The <a class="reference internal" href="#module-crypt" title="crypt: The crypt() function used to check Unix passwords. (Unix)"><code class="xref py py-mod docutils literal"><span class="pre">crypt</span></code></a> module defines the following functions:</p>
<dl class="function">
<dt id="crypt.crypt">
<code class="descclassname">crypt.</code><code class="descname">crypt</code><span class="sig-paren">(</span><em>word</em>, <em>salt=None</em><span class="sig-paren">)</span><a class="headerlink" href="#crypt.crypt" title="Permalink to this definition">¶</a></dt>
<dd><p><em>word</em> will usually be a user’s password as typed at a prompt or in a graphical
interface. The optional <em>salt</em> is either a string as returned from
<a class="reference internal" href="#crypt.mksalt" title="crypt.mksalt"><code class="xref py py-func docutils literal"><span class="pre">mksalt()</span></code></a>, one of the <code class="docutils literal"><span class="pre">crypt.METHOD_*</span></code> values (though not all
may be available on all platforms), or a full encrypted password
including salt, as returned by this function. If <em>salt</em> is not
provided, the strongest method will be used (as returned by
<a class="reference internal" href="#crypt.methods" title="crypt.methods"><code class="xref py py-func docutils literal"><span class="pre">methods()</span></code></a>.</p>
<p>Checking a password is usually done by passing the plain-text password
as <em>word</em> and the full results of a previous <a class="reference internal" href="#module-crypt" title="crypt: The crypt() function used to check Unix passwords. (Unix)"><code class="xref py py-func docutils literal"><span class="pre">crypt()</span></code></a> call,
which should be the same as the results of this call.</p>
<p><em>salt</em> (either a random 2 or 16 character string, possibly prefixed with
<code class="docutils literal"><span class="pre">$digit$</span></code> to indicate the method) which will be used to perturb the
encryption algorithm. The characters in <em>salt</em> must be in the set
<code class="docutils literal"><span class="pre">[./a-zA-Z0-9]</span></code>, with the exception of Modular Crypt Format which
prefixes a <code class="docutils literal"><span class="pre">$digit$</span></code>.</p>
<p>Returns the hashed password as a string, which will be composed of
characters from the same alphabet as the salt.</p>
<p id="index-2">Since a few <em class="manpage">crypt(3)</em> extensions allow different values, with
different sizes in the <em>salt</em>, it is recommended to use the full crypted
password as salt when checking for a password.</p>
<div class="versionchanged">
<p><span class="versionmodified">Changed in version 3.3: </span>Accept <code class="docutils literal"><span class="pre">crypt.METHOD_*</span></code> values in addition to strings for <em>salt</em>.</p>
</div>
</dd></dl>
<dl class="function">
<dt id="crypt.mksalt">
<code class="descclassname">crypt.</code><code class="descname">mksalt</code><span class="sig-paren">(</span><em>method=None</em><span class="sig-paren">)</span><a class="headerlink" href="#crypt.mksalt" title="Permalink to this definition">¶</a></dt>
<dd><p>Return a randomly generated salt of the specified method. If no
<em>method</em> is given, the strongest method available as returned by
<a class="reference internal" href="#crypt.methods" title="crypt.methods"><code class="xref py py-func docutils literal"><span class="pre">methods()</span></code></a> is used.</p>
<p>The return value is a string either of 2 characters in length for
<code class="docutils literal"><span class="pre">crypt.METHOD_CRYPT</span></code>, or 19 characters starting with <code class="docutils literal"><span class="pre">$digit$</span></code> and
16 random characters from the set <code class="docutils literal"><span class="pre">[./a-zA-Z0-9]</span></code>, suitable for
passing as the <em>salt</em> argument to <a class="reference internal" href="#module-crypt" title="crypt: The crypt() function used to check Unix passwords. (Unix)"><code class="xref py py-func docutils literal"><span class="pre">crypt()</span></code></a>.</p>
<div class="versionadded">
<p><span class="versionmodified">New in version 3.3.</span></p>
</div>
</dd></dl>
</div>
<div class="section" id="examples">
<h2>35.5.4. Examples<a class="headerlink" href="#examples" title="Permalink to this headline">¶</a></h2>
<p>A simple example illustrating typical use (a constant-time comparison
operation is needed to limit exposure to timing attacks.
<a class="reference internal" href="hmac.html#hmac.compare_digest" title="hmac.compare_digest"><code class="xref py py-func docutils literal"><span class="pre">hmac.compare_digest()</span></code></a> is suitable for this purpose):</p>
<div class="highlight-python3"><div class="highlight"><pre><span></span><span class="kn">import</span> <span class="nn">pwd</span>
<span class="kn">import</span> <span class="nn">crypt</span>
<span class="kn">import</span> <span class="nn">getpass</span>
<span class="kn">from</span> <span class="nn">hmac</span> <span class="k">import</span> <span class="n">compare_digest</span> <span class="k">as</span> <span class="n">compare_hash</span>
<span class="k">def</span> <span class="nf">login</span><span class="p">():</span>
<span class="n">username</span> <span class="o">=</span> <span class="nb">input</span><span class="p">(</span><span class="s1">'Python login: '</span><span class="p">)</span>
<span class="n">cryptedpasswd</span> <span class="o">=</span> <span class="n">pwd</span><span class="o">.</span><span class="n">getpwnam</span><span class="p">(</span><span class="n">username</span><span class="p">)[</span><span class="mi">1</span><span class="p">]</span>
<span class="k">if</span> <span class="n">cryptedpasswd</span><span class="p">:</span>
<span class="k">if</span> <span class="n">cryptedpasswd</span> <span class="o">==</span> <span class="s1">'x'</span> <span class="ow">or</span> <span class="n">cryptedpasswd</span> <span class="o">==</span> <span class="s1">'*'</span><span class="p">:</span>
<span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span><span class="s1">'no support for shadow passwords'</span><span class="p">)</span>
<span class="n">cleartext</span> <span class="o">=</span> <span class="n">getpass</span><span class="o">.</span><span class="n">getpass</span><span class="p">()</span>
<span class="k">return</span> <span class="n">compare_hash</span><span class="p">(</span><span class="n">crypt</span><span class="o">.</span><span class="n">crypt</span><span class="p">(</span><span class="n">cleartext</span><span class="p">,</span> <span class="n">cryptedpasswd</span><span class="p">),</span> <span class="n">cryptedpasswd</span><span class="p">)</span>
<span class="k">else</span><span class="p">:</span>
<span class="k">return</span> <span class="kc">True</span>
</pre></div>
</div>
<p>To generate a hash of a password using the strongest available method and
check it against the original:</p>
<div class="highlight-python3"><div class="highlight"><pre><span></span><span class="kn">import</span> <span class="nn">crypt</span>
<span class="kn">from</span> <span class="nn">hmac</span> <span class="k">import</span> <span class="n">compare_digest</span> <span class="k">as</span> <span class="n">compare_hash</span>
<span class="n">hashed</span> <span class="o">=</span> <span class="n">crypt</span><span class="o">.</span><span class="n">crypt</span><span class="p">(</span><span class="n">plaintext</span><span class="p">)</span>
<span class="k">if</span> <span class="ow">not</span> <span class="n">compare_hash</span><span class="p">(</span><span class="n">hashed</span><span class="p">,</span> <span class="n">crypt</span><span class="o">.</span><span class="n">crypt</span><span class="p">(</span><span class="n">plaintext</span><span class="p">,</span> <span class="n">hashed</span><span class="p">)):</span>
<span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span><span class="s2">"hashed version doesn't validate against original"</span><span class="p">)</span>
</pre></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
<div class="sphinxsidebarwrapper">
<h3><a href="../contents.html">Table Of Contents</a></h3>
<ul>
<li><a class="reference internal" href="#">35.5. <code class="docutils literal"><span class="pre">crypt</span></code> — Function to check Unix passwords</a><ul>
<li><a class="reference internal" href="#hashing-methods">35.5.1. Hashing Methods</a></li>
<li><a class="reference internal" href="#module-attributes">35.5.2. Module Attributes</a></li>
<li><a class="reference internal" href="#module-functions">35.5.3. Module Functions</a></li>
<li><a class="reference internal" href="#examples">35.5.4. Examples</a></li>
</ul>
</li>
</ul>
<h4>Previous topic</h4>
<p class="topless"><a href="grp.html"
title="previous chapter">35.4. <code class="docutils literal"><span class="pre">grp</span></code> — The group database</a></p>
<h4>Next topic</h4>
<p class="topless"><a href="termios.html"
title="next chapter">35.6. <code class="docutils literal"><span class="pre">termios</span></code> — POSIX style tty control</a></p>
<div role="note" aria-label="source link">
<h3>This Page</h3>
<ul class="this-page-menu">
<li><a href="../bugs.html">Report a Bug</a></li>
<li><a href="../_sources/library/crypt.txt"
rel="nofollow">Show Source</a></li>
</ul>
</div>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="related" role="navigation" aria-label="related navigation">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="../genindex.html" title="General Index"
>index</a></li>
<li class="right" >
<a href="../py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li class="right" >
<a href="termios.html" title="35.6. termios — POSIX style tty control"
>next</a> |</li>
<li class="right" >
<a href="grp.html" title="35.4. grp — The group database"
>previous</a> |</li>
<li><img src="../_static/py.png" alt=""
style="vertical-align: middle; margin-top: -1px"/></li>
<li><a href="https://www.python.org/">Python</a> »</li>
<li>
<span class="version_switcher_placeholder">3.5.3</span>
<a href="../index.html">Documentation </a> »
</li>
<li class="nav-item nav-item-1"><a href="index.html" >The Python Standard Library</a> »</li>
<li class="nav-item nav-item-2"><a href="unix.html" >35. Unix Specific Services</a> »</li>
<li class="right">
<div class="inline-search" style="display: none" role="search">
<form class="inline-search" action="../search.html" method="get">
<input placeholder="Quick search" type="text" name="q" />
<input type="submit" value="Go" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
<script type="text/javascript">$('.inline-search').show(0);</script>
|
</li>
</ul>
</div>
<div class="footer">
© <a href="../copyright.html">Copyright</a> 2001-2017, Python Software Foundation.
<br />
The Python Software Foundation is a non-profit corporation.
<a href="https://www.python.org/psf/donations/">Please donate.</a>
<br />
Last updated on Jan 20, 2017.
<a href="../bugs.html">Found a bug</a>?
<br />
Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.3.3.
</div>
</body>
</html>
