Path: csiph.com!usenet.pasdenom.info!weretis.net!feeder4.news.weretis.net!newsreader4.netcologne.de!news.netcologne.de!xlned.com!feeder7.xlned.com!news2.euro.net!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path: <python-python-list@m.gmane.org>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.014
X-Spam-Evidence: '*H*': 0.97; '*S*': 0.00; 'rounds': 0.07; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'algorithm': 0.13; '1024': 0.16; 'identifier': 0.16; 'roy': 0.16; 'subject:function': 0.16; 'linux': 0.17; 'apache': 0.21; 'maybe': 0.21; 'header:In-Reply-To:1': 0.22; 'systems.': 0.23; "i'm": 0.28; 'replaced': 0.29; 'stronger': 0.30; 'subject:?': 0.31; "isn't": 0.33; 'there': 0.33; 'header:User-Agent:1': 0.33; 'header:X -Complaints-To:1': 0.34; 'to:addr:python-list': 0.35; 'something': 0.35; 'subject:How': 0.35; 'received:org': 0.36; 'uses': 0.38; 'received:de': 0.39; 'received:78': 0.40; 'to:addr:python.org': 0.40; 'secure.': 0.67; "today's": 0.68; 'salt': 0.77; '40,000': 0.84; 'lengthy': 0.84
X-Injected-Via-Gmane: http://gmane.org/
To: python-list@python.org
From: Christian Heimes <lists@cheimes.de>
Subject: Re: How to re-implement the crypt.crypt function?
Date: Sat, 10 Mar 2012 21:36:42 +0100
References: <28304124.1374.1331408016748.JavaMail.geo-discussion-forums@yncd8> <roy-8C03E0.15154610032012@news.panix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Gmane-NNTP-Posting-Host: f048032193.adsl.alicedsl.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2
In-Reply-To: <roy-8C03E0.15154610032012@news.panix.com>
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.551.1331411820.3037.python-list@python.org>
Lines: 17
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1331411820 news.xs4all.nl 6918 [2001:888:2000:d::a6]:37320
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:21468

Am 10.03.2012 21:15, schrieb Roy Smith:
> By today's standards, the algorithm isn't considered very strong.  The 
> only place I'm aware that uses it is unix password files, and even there 
> many (most?) systems have replaced it with something stronger such as 
> SHA1.  Maybe Apache .htaccess files?

The algorithm with identifier 6 is a SHA-512 crypt algorithm with a
lengthy salt (IIRC up to 1024 bits) and 40,000 rounds of SHA-512. It's
the default algorithm on modern Linux machines and believed to be very
secure.

The large salt makes a rainbow table attack impossible and the 40,000
rounds require a lot of CPU time, even on modern systems.

Christian