1
2:mod:`crypt` --- Function to check Unix passwords
3=================================================
4
5.. module:: crypt
6   :platform: Unix
7   :synopsis: The crypt() function used to check Unix passwords.
8.. moduleauthor:: Steven D. Majewski <sdm7g@virginia.edu>
9.. sectionauthor:: Steven D. Majewski <sdm7g@virginia.edu>
10.. sectionauthor:: Peter Funk <pf@artcom-gmbh.de>
11
12
13.. index::
14   single: crypt(3)
15   pair: cipher; DES
16
17This module implements an interface to the :manpage:`crypt(3)` routine, which is
18a one-way hash function based upon a modified DES algorithm; see the Unix man
19page for further details.  Possible uses include allowing Python scripts to
20accept typed passwords from the user, or attempting to crack Unix passwords with
21a dictionary.
22
23.. index:: single: crypt(3)
24
25Notice that the behavior of this module depends on the actual implementation  of
26the :manpage:`crypt(3)` routine in the running system.  Therefore, any
27extensions available on the current implementation will also  be available on
28this module.
29
30
31.. function:: crypt(word, salt)
32
33   *word* will usually be a user's password as typed at a prompt or  in a graphical
34   interface.  *salt* is usually a random two-character string which will be used
35   to perturb the DES algorithm in one of 4096 ways.  The characters in *salt* must
36   be in the set ``[./a-zA-Z0-9]``.  Returns the hashed password as a string, which
37   will be composed of characters from the same alphabet as the salt (the first two
38   characters represent the salt itself).
39
40   .. index:: single: crypt(3)
41
42   Since a few :manpage:`crypt(3)` extensions allow different values, with
43   different sizes in the *salt*, it is recommended to use  the full crypted
44   password as salt when checking for a password.
45
46A simple example illustrating typical use::
47
48   import crypt, getpass, pwd
49
50   def login():
51       username = raw_input('Python login:')
52       cryptedpasswd = pwd.getpwnam(username)[1]
53       if cryptedpasswd:
54           if cryptedpasswd == 'x' or cryptedpasswd == '*':
55               raise NotImplementedError(
56                   "Sorry, currently no support for shadow passwords")
57           cleartext = getpass.getpass()
58           return crypt.crypt(cleartext, cryptedpasswd) == cryptedpasswd
59       else:
60           return 1
61
62