2
:mod:`crypt` --- Function to check Unix passwords
3
=================================================
7
:synopsis: The crypt() function used to check Unix passwords.
8
.. moduleauthor:: Steven D. Majewski <sdm7g@virginia.edu>
9
.. sectionauthor:: Steven D. Majewski <sdm7g@virginia.edu>
10
.. sectionauthor:: Peter Funk <pf@artcom-gmbh.de>
17
This module implements an interface to the :manpage:`crypt(3)` routine, which is
18
a one-way hash function based upon a modified DES algorithm; see the Unix man
19
page for further details. Possible uses include allowing Python scripts to
20
accept typed passwords from the user, or attempting to crack Unix passwords with
23
.. index:: single: crypt(3)
25
Notice that the behavior of this module depends on the actual implementation of
26
the :manpage:`crypt(3)` routine in the running system. Therefore, any
27
extensions available on the current implementation will also be available on
31
.. function:: crypt(word, salt)
33
*word* will usually be a user's password as typed at a prompt or in a graphical
34
interface. *salt* is usually a random two-character string which will be used
35
to perturb the DES algorithm in one of 4096 ways. The characters in *salt* must
36
be in the set ``[./a-zA-Z0-9]``. Returns the hashed password as a string, which
37
will be composed of characters from the same alphabet as the salt (the first two
38
characters represent the salt itself).
40
.. index:: single: crypt(3)
42
Since a few :manpage:`crypt(3)` extensions allow different values, with
43
different sizes in the *salt*, it is recommended to use the full crypted
44
password as salt when checking for a password.
46
A simple example illustrating typical use::
48
import crypt, getpass, pwd
51
username = input('Python login:')
52
cryptedpasswd = pwd.getpwnam(username)[1]
54
if cryptedpasswd == 'x' or cryptedpasswd == '*':
55
raise "Sorry, currently no support for shadow passwords"
56
cleartext = getpass.getpass()
57
return crypt.crypt(cleartext, cryptedpasswd) == cryptedpasswd