python-project/python-3.7.4-docs-html/library/crypt.html
Caleb Fontenot 335515d331 add files
2019-07-15 09:16:41 -07:00

353 lines
22 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8" />
<title>crypt — Function to check Unix passwords &#8212; Python 3.7.4 documentation</title>
<link rel="stylesheet" href="../_static/pydoctheme.css" type="text/css" />
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<script type="text/javascript" id="documentation_options" data-url_root="../" src="../_static/documentation_options.js"></script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
<script type="text/javascript" src="../_static/language_data.js"></script>
<script type="text/javascript" src="../_static/sidebar.js"></script>
<link rel="search" type="application/opensearchdescription+xml"
title="Search within Python 3.7.4 documentation"
href="../_static/opensearch.xml"/>
<link rel="author" title="About these documents" href="../about.html" />
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
<link rel="copyright" title="Copyright" href="../copyright.html" />
<link rel="next" title="termios — POSIX style tty control" href="termios.html" />
<link rel="prev" title="grp — The group database" href="grp.html" />
<link rel="shortcut icon" type="image/png" href="../_static/py.png" />
<link rel="canonical" href="https://docs.python.org/3/library/crypt.html" />
<script type="text/javascript" src="../_static/copybutton.js"></script>
<script type="text/javascript" src="../_static/switchers.js"></script>
<style>
@media only screen {
table.full-width-table {
width: 100%;
}
}
</style>
</head><body>
<div class="related" role="navigation" aria-label="related navigation">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="../genindex.html" title="General Index"
accesskey="I">index</a></li>
<li class="right" >
<a href="../py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li class="right" >
<a href="termios.html" title="termios — POSIX style tty control"
accesskey="N">next</a> |</li>
<li class="right" >
<a href="grp.html" title="grp — The group database"
accesskey="P">previous</a> |</li>
<li><img src="../_static/py.png" alt=""
style="vertical-align: middle; margin-top: -1px"/></li>
<li><a href="https://www.python.org/">Python</a> &#187;</li>
<li>
<span class="language_switcher_placeholder">en</span>
<span class="version_switcher_placeholder">3.7.4</span>
<a href="../index.html">Documentation </a> &#187;
</li>
<li class="nav-item nav-item-1"><a href="index.html" >The Python Standard Library</a> &#187;</li>
<li class="nav-item nav-item-2"><a href="unix.html" accesskey="U">Unix Specific Services</a> &#187;</li>
<li class="right">
<div class="inline-search" style="display: none" role="search">
<form class="inline-search" action="../search.html" method="get">
<input placeholder="Quick search" type="text" name="q" />
<input type="submit" value="Go" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
<script type="text/javascript">$('.inline-search').show(0);</script>
|
</li>
</ul>
</div>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body" role="main">
<div class="section" id="module-crypt">
<span id="crypt-function-to-check-unix-passwords"></span><h1><a class="reference internal" href="#module-crypt" title="crypt: The crypt() function used to check Unix passwords. (Unix)"><code class="xref py py-mod docutils literal notranslate"><span class="pre">crypt</span></code></a> — Function to check Unix passwords<a class="headerlink" href="#module-crypt" title="Permalink to this headline"></a></h1>
<p><strong>Source code:</strong> <a class="reference external" href="https://github.com/python/cpython/tree/3.7/Lib/crypt.py">Lib/crypt.py</a></p>
<hr class="docutils" id="index-0" />
<p>This module implements an interface to the <em class="manpage">crypt(3)</em> routine, which is
a one-way hash function based upon a modified DES algorithm; see the Unix man
page for further details. Possible uses include storing hashed passwords
so you can check passwords without storing the actual password, or attempting
to crack Unix passwords with a dictionary.</p>
<p id="index-1">Notice that the behavior of this module depends on the actual implementation of
the <em class="manpage">crypt(3)</em> routine in the running system. Therefore, any
extensions available on the current implementation will also be available on
this module.</p>
<div class="section" id="hashing-methods">
<h2>Hashing Methods<a class="headerlink" href="#hashing-methods" title="Permalink to this headline"></a></h2>
<div class="versionadded">
<p><span class="versionmodified added">New in version 3.3.</span></p>
</div>
<p>The <a class="reference internal" href="#module-crypt" title="crypt: The crypt() function used to check Unix passwords. (Unix)"><code class="xref py py-mod docutils literal notranslate"><span class="pre">crypt</span></code></a> module defines the list of hashing methods (not all methods
are available on all platforms):</p>
<dl class="data">
<dt id="crypt.METHOD_SHA512">
<code class="descclassname">crypt.</code><code class="descname">METHOD_SHA512</code><a class="headerlink" href="#crypt.METHOD_SHA512" title="Permalink to this definition"></a></dt>
<dd><p>A Modular Crypt Format method with 16 character salt and 86 character
hash based on the SHA-512 hash function. This is the strongest method.</p>
</dd></dl>
<dl class="data">
<dt id="crypt.METHOD_SHA256">
<code class="descclassname">crypt.</code><code class="descname">METHOD_SHA256</code><a class="headerlink" href="#crypt.METHOD_SHA256" title="Permalink to this definition"></a></dt>
<dd><p>Another Modular Crypt Format method with 16 character salt and 43
character hash based on the SHA-256 hash function.</p>
</dd></dl>
<dl class="data">
<dt id="crypt.METHOD_BLOWFISH">
<code class="descclassname">crypt.</code><code class="descname">METHOD_BLOWFISH</code><a class="headerlink" href="#crypt.METHOD_BLOWFISH" title="Permalink to this definition"></a></dt>
<dd><p>Another Modular Crypt Format method with 22 character salt and 31
character hash based on the Blowfish cipher.</p>
<div class="versionadded">
<p><span class="versionmodified added">New in version 3.7.</span></p>
</div>
</dd></dl>
<dl class="data">
<dt id="crypt.METHOD_MD5">
<code class="descclassname">crypt.</code><code class="descname">METHOD_MD5</code><a class="headerlink" href="#crypt.METHOD_MD5" title="Permalink to this definition"></a></dt>
<dd><p>Another Modular Crypt Format method with 8 character salt and 22
character hash based on the MD5 hash function.</p>
</dd></dl>
<dl class="data">
<dt id="crypt.METHOD_CRYPT">
<code class="descclassname">crypt.</code><code class="descname">METHOD_CRYPT</code><a class="headerlink" href="#crypt.METHOD_CRYPT" title="Permalink to this definition"></a></dt>
<dd><p>The traditional method with a 2 character salt and 13 characters of
hash. This is the weakest method.</p>
</dd></dl>
</div>
<div class="section" id="module-attributes">
<h2>Module Attributes<a class="headerlink" href="#module-attributes" title="Permalink to this headline"></a></h2>
<div class="versionadded">
<p><span class="versionmodified added">New in version 3.3.</span></p>
</div>
<dl class="attribute">
<dt id="crypt.methods">
<code class="descclassname">crypt.</code><code class="descname">methods</code><a class="headerlink" href="#crypt.methods" title="Permalink to this definition"></a></dt>
<dd><p>A list of available password hashing algorithms, as
<code class="docutils literal notranslate"><span class="pre">crypt.METHOD_*</span></code> objects. This list is sorted from strongest to
weakest.</p>
</dd></dl>
</div>
<div class="section" id="module-functions">
<h2>Module Functions<a class="headerlink" href="#module-functions" title="Permalink to this headline"></a></h2>
<p>The <a class="reference internal" href="#module-crypt" title="crypt: The crypt() function used to check Unix passwords. (Unix)"><code class="xref py py-mod docutils literal notranslate"><span class="pre">crypt</span></code></a> module defines the following functions:</p>
<dl class="function">
<dt id="crypt.crypt">
<code class="descclassname">crypt.</code><code class="descname">crypt</code><span class="sig-paren">(</span><em>word</em>, <em>salt=None</em><span class="sig-paren">)</span><a class="headerlink" href="#crypt.crypt" title="Permalink to this definition"></a></dt>
<dd><p><em>word</em> will usually be a users password as typed at a prompt or in a graphical
interface. The optional <em>salt</em> is either a string as returned from
<a class="reference internal" href="#crypt.mksalt" title="crypt.mksalt"><code class="xref py py-func docutils literal notranslate"><span class="pre">mksalt()</span></code></a>, one of the <code class="docutils literal notranslate"><span class="pre">crypt.METHOD_*</span></code> values (though not all
may be available on all platforms), or a full encrypted password
including salt, as returned by this function. If <em>salt</em> is not
provided, the strongest method will be used (as returned by
<a class="reference internal" href="#crypt.methods" title="crypt.methods"><code class="xref py py-func docutils literal notranslate"><span class="pre">methods()</span></code></a>).</p>
<p>Checking a password is usually done by passing the plain-text password
as <em>word</em> and the full results of a previous <a class="reference internal" href="#module-crypt" title="crypt: The crypt() function used to check Unix passwords. (Unix)"><code class="xref py py-func docutils literal notranslate"><span class="pre">crypt()</span></code></a> call,
which should be the same as the results of this call.</p>
<p><em>salt</em> (either a random 2 or 16 character string, possibly prefixed with
<code class="docutils literal notranslate"><span class="pre">$digit$</span></code> to indicate the method) which will be used to perturb the
encryption algorithm. The characters in <em>salt</em> must be in the set
<code class="docutils literal notranslate"><span class="pre">[./a-zA-Z0-9]</span></code>, with the exception of Modular Crypt Format which
prefixes a <code class="docutils literal notranslate"><span class="pre">$digit$</span></code>.</p>
<p>Returns the hashed password as a string, which will be composed of
characters from the same alphabet as the salt.</p>
<p id="index-2">Since a few <em class="manpage">crypt(3)</em> extensions allow different values, with
different sizes in the <em>salt</em>, it is recommended to use the full crypted
password as salt when checking for a password.</p>
<div class="versionchanged">
<p><span class="versionmodified changed">Changed in version 3.3: </span>Accept <code class="docutils literal notranslate"><span class="pre">crypt.METHOD_*</span></code> values in addition to strings for <em>salt</em>.</p>
</div>
</dd></dl>
<dl class="function">
<dt id="crypt.mksalt">
<code class="descclassname">crypt.</code><code class="descname">mksalt</code><span class="sig-paren">(</span><em>method=None</em>, <em>*</em>, <em>rounds=None</em><span class="sig-paren">)</span><a class="headerlink" href="#crypt.mksalt" title="Permalink to this definition"></a></dt>
<dd><p>Return a randomly generated salt of the specified method. If no
<em>method</em> is given, the strongest method available as returned by
<a class="reference internal" href="#crypt.methods" title="crypt.methods"><code class="xref py py-func docutils literal notranslate"><span class="pre">methods()</span></code></a> is used.</p>
<p>The return value is a string suitable for passing as the <em>salt</em> argument
to <a class="reference internal" href="#module-crypt" title="crypt: The crypt() function used to check Unix passwords. (Unix)"><code class="xref py py-func docutils literal notranslate"><span class="pre">crypt()</span></code></a>.</p>
<p><em>rounds</em> specifies the number of rounds for <code class="docutils literal notranslate"><span class="pre">METHOD_SHA256</span></code>,
<code class="docutils literal notranslate"><span class="pre">METHOD_SHA512</span></code> and <code class="docutils literal notranslate"><span class="pre">METHOD_BLOWFISH</span></code>.
For <code class="docutils literal notranslate"><span class="pre">METHOD_SHA256</span></code> and <code class="docutils literal notranslate"><span class="pre">METHOD_SHA512</span></code> it must be an integer between
<code class="docutils literal notranslate"><span class="pre">1000</span></code> and <code class="docutils literal notranslate"><span class="pre">999_999_999</span></code>, the default is <code class="docutils literal notranslate"><span class="pre">5000</span></code>. For
<code class="docutils literal notranslate"><span class="pre">METHOD_BLOWFISH</span></code> it must be a power of two between <code class="docutils literal notranslate"><span class="pre">16</span></code> (2<sup>4</sup>)
and <code class="docutils literal notranslate"><span class="pre">2_147_483_648</span></code> (2<sup>31</sup>), the default is <code class="docutils literal notranslate"><span class="pre">4096</span></code>
(2<sup>12</sup>).</p>
<div class="versionadded">
<p><span class="versionmodified added">New in version 3.3.</span></p>
</div>
<div class="versionchanged">
<p><span class="versionmodified changed">Changed in version 3.7: </span>Added the <em>rounds</em> parameter.</p>
</div>
</dd></dl>
</div>
<div class="section" id="examples">
<h2>Examples<a class="headerlink" href="#examples" title="Permalink to this headline"></a></h2>
<p>A simple example illustrating typical use (a constant-time comparison
operation is needed to limit exposure to timing attacks.
<a class="reference internal" href="hmac.html#hmac.compare_digest" title="hmac.compare_digest"><code class="xref py py-func docutils literal notranslate"><span class="pre">hmac.compare_digest()</span></code></a> is suitable for this purpose):</p>
<div class="highlight-python3 notranslate"><div class="highlight"><pre><span></span><span class="kn">import</span> <span class="nn">pwd</span>
<span class="kn">import</span> <span class="nn">crypt</span>
<span class="kn">import</span> <span class="nn">getpass</span>
<span class="kn">from</span> <span class="nn">hmac</span> <span class="k">import</span> <span class="n">compare_digest</span> <span class="k">as</span> <span class="n">compare_hash</span>
<span class="k">def</span> <span class="nf">login</span><span class="p">():</span>
<span class="n">username</span> <span class="o">=</span> <span class="nb">input</span><span class="p">(</span><span class="s1">&#39;Python login: &#39;</span><span class="p">)</span>
<span class="n">cryptedpasswd</span> <span class="o">=</span> <span class="n">pwd</span><span class="o">.</span><span class="n">getpwnam</span><span class="p">(</span><span class="n">username</span><span class="p">)[</span><span class="mi">1</span><span class="p">]</span>
<span class="k">if</span> <span class="n">cryptedpasswd</span><span class="p">:</span>
<span class="k">if</span> <span class="n">cryptedpasswd</span> <span class="o">==</span> <span class="s1">&#39;x&#39;</span> <span class="ow">or</span> <span class="n">cryptedpasswd</span> <span class="o">==</span> <span class="s1">&#39;*&#39;</span><span class="p">:</span>
<span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span><span class="s1">&#39;no support for shadow passwords&#39;</span><span class="p">)</span>
<span class="n">cleartext</span> <span class="o">=</span> <span class="n">getpass</span><span class="o">.</span><span class="n">getpass</span><span class="p">()</span>
<span class="k">return</span> <span class="n">compare_hash</span><span class="p">(</span><span class="n">crypt</span><span class="o">.</span><span class="n">crypt</span><span class="p">(</span><span class="n">cleartext</span><span class="p">,</span> <span class="n">cryptedpasswd</span><span class="p">),</span> <span class="n">cryptedpasswd</span><span class="p">)</span>
<span class="k">else</span><span class="p">:</span>
<span class="k">return</span> <span class="kc">True</span>
</pre></div>
</div>
<p>To generate a hash of a password using the strongest available method and
check it against the original:</p>
<div class="highlight-python3 notranslate"><div class="highlight"><pre><span></span><span class="kn">import</span> <span class="nn">crypt</span>
<span class="kn">from</span> <span class="nn">hmac</span> <span class="k">import</span> <span class="n">compare_digest</span> <span class="k">as</span> <span class="n">compare_hash</span>
<span class="n">hashed</span> <span class="o">=</span> <span class="n">crypt</span><span class="o">.</span><span class="n">crypt</span><span class="p">(</span><span class="n">plaintext</span><span class="p">)</span>
<span class="k">if</span> <span class="ow">not</span> <span class="n">compare_hash</span><span class="p">(</span><span class="n">hashed</span><span class="p">,</span> <span class="n">crypt</span><span class="o">.</span><span class="n">crypt</span><span class="p">(</span><span class="n">plaintext</span><span class="p">,</span> <span class="n">hashed</span><span class="p">)):</span>
<span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span><span class="s2">&quot;hashed version doesn&#39;t validate against original&quot;</span><span class="p">)</span>
</pre></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
<div class="sphinxsidebarwrapper">
<h3><a href="../contents.html">Table of Contents</a></h3>
<ul>
<li><a class="reference internal" href="#"><code class="xref py py-mod docutils literal notranslate"><span class="pre">crypt</span></code> — Function to check Unix passwords</a><ul>
<li><a class="reference internal" href="#hashing-methods">Hashing Methods</a></li>
<li><a class="reference internal" href="#module-attributes">Module Attributes</a></li>
<li><a class="reference internal" href="#module-functions">Module Functions</a></li>
<li><a class="reference internal" href="#examples">Examples</a></li>
</ul>
</li>
</ul>
<h4>Previous topic</h4>
<p class="topless"><a href="grp.html"
title="previous chapter"><code class="xref py py-mod docutils literal notranslate"><span class="pre">grp</span></code> — The group database</a></p>
<h4>Next topic</h4>
<p class="topless"><a href="termios.html"
title="next chapter"><code class="xref py py-mod docutils literal notranslate"><span class="pre">termios</span></code> — POSIX style tty control</a></p>
<div role="note" aria-label="source link">
<h3>This Page</h3>
<ul class="this-page-menu">
<li><a href="../bugs.html">Report a Bug</a></li>
<li>
<a href="https://github.com/python/cpython/blob/3.7/Doc/library/crypt.rst"
rel="nofollow">Show Source
</a>
</li>
</ul>
</div>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="related" role="navigation" aria-label="related navigation">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="../genindex.html" title="General Index"
>index</a></li>
<li class="right" >
<a href="../py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li class="right" >
<a href="termios.html" title="termios — POSIX style tty control"
>next</a> |</li>
<li class="right" >
<a href="grp.html" title="grp — The group database"
>previous</a> |</li>
<li><img src="../_static/py.png" alt=""
style="vertical-align: middle; margin-top: -1px"/></li>
<li><a href="https://www.python.org/">Python</a> &#187;</li>
<li>
<span class="language_switcher_placeholder">en</span>
<span class="version_switcher_placeholder">3.7.4</span>
<a href="../index.html">Documentation </a> &#187;
</li>
<li class="nav-item nav-item-1"><a href="index.html" >The Python Standard Library</a> &#187;</li>
<li class="nav-item nav-item-2"><a href="unix.html" >Unix Specific Services</a> &#187;</li>
<li class="right">
<div class="inline-search" style="display: none" role="search">
<form class="inline-search" action="../search.html" method="get">
<input placeholder="Quick search" type="text" name="q" />
<input type="submit" value="Go" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
<script type="text/javascript">$('.inline-search').show(0);</script>
|
</li>
</ul>
</div>
<div class="footer">
&copy; <a href="../copyright.html">Copyright</a> 2001-2019, Python Software Foundation.
<br />
The Python Software Foundation is a non-profit corporation.
<a href="https://www.python.org/psf/donations/">Please donate.</a>
<br />
Last updated on Jul 13, 2019.
<a href="../bugs.html">Found a bug</a>?
<br />
Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 2.0.1.
</div>
</body>
</html>