Doc/lib/libcrypt.tex

   1 \section{\module{crypt} ---
   2          Function to check \UNIX{} passwords}
   3
   4 \declaremodule{builtin}{crypt}
   5   \platform{Unix}
   6 \modulesynopsis{The \cfunction{crypt()} function used to check
   7   \UNIX{} passwords.}
   8 \moduleauthor{Steven D. Majewski}{sdm7g@virginia.edu}
   9 \sectionauthor{Steven D. Majewski}{sdm7g@virginia.edu}
  10 \sectionauthor{Peter Funk}{pf@artcom-gmbh.de}
  11
  12
  13 This module implements an interface to the
  14 \manpage{crypt}{3}\index{crypt(3)} routine, which is a one-way hash
  15 function based upon a modified DES\indexii{cipher}{DES} algorithm; see
  16 the \UNIX{} man page for further details.  Possible uses include
  17 allowing Python scripts to accept typed passwords from the user, or
  18 attempting to crack \UNIX{} passwords with a dictionary.
  19
  20 \begin{funcdesc}{crypt}{word, salt}
  21   \var{word} will usually be a user's password as typed at a prompt or
  22   in a graphical interface.  \var{salt} is usually a random
  23   two-character string which will be used to perturb the DES algorithm
  24   in one of 4096 ways.  The characters in \var{salt} must be in the
  25   set \regexp{[./a-zA-Z0-9]}.  Returns the hashed password as a
  26   string, which will be composed of characters from the same alphabet
  27    as the salt (the first two characters represent the salt itself).
  28 \end{funcdesc}
  29
  30
  31 A simple example illustrating typical use:
  32
  33 \begin{verbatim}
  34 import crypt, getpass, pwd
  35
  36 def login():
  37     username = raw_input('Python login:')
  38     cryptedpasswd = pwd.getpwnam(username)[1]
  39     if cryptedpasswd:
  40         if cryptedpasswd == 'x' or cryptedpasswd == '*':
  41             raise "Sorry, currently no support for shadow passwords"
  42         cleartext = getpass.getpass()
  43         return crypt.crypt(cleartext, cryptedpasswd[:2]) == cryptedpasswd
  44     else:
  45         return 1
  46 \end{verbatim}