shithub: riscv

ref: 242403d9f92e14969c1f418e0ee086193e9c9698
dir: /sys/src/cmd/python/Doc/lib/libcrypt.tex/

View raw version
\section{\module{crypt} ---
         Function to check \UNIX{} passwords}

\declaremodule{builtin}{crypt}
  \platform{Unix}
\modulesynopsis{The \cfunction{crypt()} function used to check
  \UNIX\ passwords.}
\moduleauthor{Steven D. Majewski}{[email protected]}
\sectionauthor{Steven D. Majewski}{[email protected]}
\sectionauthor{Peter Funk}{[email protected]}


This module implements an interface to the
\manpage{crypt}{3}\index{crypt(3)} routine, which is a one-way hash
function based upon a modified DES\indexii{cipher}{DES} algorithm; see
the \UNIX{} man page for further details.  Possible uses include
allowing Python scripts to accept typed passwords from the user, or
attempting to crack \UNIX{} passwords with a dictionary.

Notice that the behavior of this module depends on the actual implementation 
of the \manpage{crypt}{3}\index{crypt(3)} routine in the running system. 
Therefore, any extensions available on the current implementation will also 
be available on this module.
\begin{funcdesc}{crypt}{word, salt} 
  \var{word} will usually be a user's password as typed at a prompt or 
  in a graphical interface.  \var{salt} is usually a random
  two-character string which will be used to perturb the DES algorithm
  in one of 4096 ways.  The characters in \var{salt} must be in the
  set \regexp{[./a-zA-Z0-9]}.  Returns the hashed password as a
  string, which will be composed of characters from the same alphabet
   as the salt (the first two characters represent the salt itself).

  Since a few \manpage{crypt}{3}\index{crypt(3)} extensions allow different
  values, with different sizes in the \var{salt}, it is recommended to use 
  the full crypted password as salt when checking for a password.
\end{funcdesc}


A simple example illustrating typical use:

\begin{verbatim}
import crypt, getpass, pwd

def login():
    username = raw_input('Python login:')
    cryptedpasswd = pwd.getpwnam(username)[1]
    if cryptedpasswd:
        if cryptedpasswd == 'x' or cryptedpasswd == '*': 
            raise "Sorry, currently no support for shadow passwords"
        cleartext = getpass.getpass()
        return crypt.crypt(cleartext, cryptedpasswd) == cryptedpasswd
    else:
        return 1
\end{verbatim}