| Started by | Cosmia Luna <cosmius@gmail.com> |
|---|---|
| First post | 2012-03-10 11:33 -0800 |
| Last post | 2012-03-11 03:10 -0700 |
| Articles | 8 — 3 participants |
| From | Cosmia Luna <cosmius@gmail.com> |
|---|---|
| Date | 2012-03-10 11:33 -0800 |
| Subject | How to re-implement the crypt.crypt function? |
| Message-ID | <28304124.1374.1331408016748.JavaMail.geo-discussion-forums@yncd8> |
I'm not searching for a full solution and only want to know how to use hashlib to create an equivalent string like
crypt.crypt('123456', '$6$ds41p/9VMA.BHH0U') returns the string below.
'$6$ds41p/9VMA.BHH0U$yv25s7jLxTRKLDNjIvT0Qc2jbcqdFRi5.PftO3cveTvjK49JhwCarIowOfrrNPD/PpYT3n6oNDIbjAONh8RXt1'
I tried:
from hashlib import sha512
from base64 import b64encode, b64decode
salt='ds41p/9VMA.BHH0U'
pwd='123456'
b64encode( sha512(pwd+salt).digest(), altchars='./' )
b64encode( sha512(salt+pwd).digest(), altchars='./' )
b64encode( sha512( pwd + b64decode(salt, altchars='./') ).digest(), altchars='./')
b64encode( sha512( b64decode(salt, altchars='./') + pwd ).digest(), altchars='./')
Of course none of the four returns the value I want, 'yv25s7jLxTRKLDNjIvT0Qc2jbcqdFRi5.PftO3cveTvjK49JhwCarIowOfrrNPD/PpYT3n6oNDIbjAONh8RXt1'. How can I get the value? I can't use crypt.crypt because of the consideration of cross-platform.
Thanks,
Cosmia
| From | Roy Smith <roy@panix.com> |
|---|---|
| Date | 2012-03-10 15:15 -0500 |
| Message-ID | <roy-8C03E0.15154610032012@news.panix.com> |
| In reply to | #21464 |
In article
<28304124.1374.1331408016748.JavaMail.geo-discussion-forums@yncd8>,
Cosmia Luna <cosmius@gmail.com> wrote:
> I'm not searching for a full solution and only want to know how to use
> hashlib to create an equivalent string like
>
> crypt.crypt('123456', '$6$ds41p/9VMA.BHH0U') returns the string below.
>
> '$6$ds41p/9VMA.BHH0U$yv25s7jLxTRKLDNjIvT0Qc2jbcqdFRi5.PftO3cveTvjK49JhwCarIowO
> frrNPD/PpYT3n6oNDIbjAONh8RXt1'
> [...]
> I can't use crypt.crypt because of the
> consideration of cross-platform.
Just out of curiosity, why do you want to do this? The python crypt
module uses the crypt library supplied by the operating system (which is
why it only works on unix). The algorithm implemented is a modification
of DES, i.e. a salt string is used to change some of the tables used in
the DES computation. It goes back to the ancient days of unix.
By today's standards, the algorithm isn't considered very strong. The
only place I'm aware that uses it is unix password files, and even there
many (most?) systems have replaced it with something stronger such as
SHA1. Maybe Apache .htaccess files?
I don't know what your use case is, but unless you're doing something
silly like trying to execute a dictionary attack against a unix password
file, it's almost certain that you'd do better to just use SHA1.
| From | Christian Heimes <lists@cheimes.de> |
|---|---|
| Date | 2012-03-10 21:36 +0100 |
| Message-ID | <mailman.551.1331411820.3037.python-list@python.org> |
| In reply to | #21466 |
On 10.03.2012 21:15, Roy Smith wrote:
> By today's standards, the algorithm isn't considered very strong. The
> only place I'm aware that uses it is unix password files, and even there
> many (most?) systems have replaced it with something stronger such as
> SHA1. Maybe Apache .htaccess files?

The algorithm with identifier 6 is a SHA-512 crypt algorithm with a lengthy salt (IIRC up to 1024 bits) and 40,000 rounds of SHA-512. It's the default algorithm on modern Linux machines and believed to be very secure.

The large salt makes a rainbow table attack impossible and the 40,000 rounds require a lot of CPU time, even on modern systems.

Christian
| From | Roy Smith <roy@panix.com> |
|---|---|
| Date | 2012-03-10 15:41 -0500 |
| Message-ID | <roy-76BBDD.15411210032012@news.panix.com> |
| In reply to | #21468 |
In article <mailman.551.1331411820.3037.python-list@python.org>,
Christian Heimes <lists@cheimes.de> wrote:
> On 10.03.2012 21:15, Roy Smith wrote:
> > By today's standards, the algorithm isn't considered very strong. The
> > only place I'm aware that uses it is unix password files, and even there
> > many (most?) systems have replaced it with something stronger such as
> > SHA1. Maybe Apache .htaccess files?
>
> The algorithm with identifier 6 is a SHA-512 crypt algorithm with a
> lengthy salt (IIRC up to 1024 bits) and 40,000 rounds of SHA-512. It's
> the default algorithm on modern Linux machines and believed to be very
> secure.
>
> The large salt makes a rainbow table attack impossible and the 40,000
> rounds require a lot of CPU time, even on modern systems.

But is that what crypt.crypt() does? I thought it implemented the old-style triple-DES.
| From | Christian Heimes <lists@cheimes.de> |
|---|---|
| Date | 2012-03-10 22:07 +0100 |
| Message-ID | <mailman.552.1331413679.3037.python-list@python.org> |
| In reply to | #21469 |
On 10.03.2012 21:41, Roy Smith wrote:
> But is that what crypt.crypt() does? I thought it implemented the
> old-style triple-DES.

Python's crypt module is an interface to the OS' crypt() function. On some systems the crypt() function supports additional algorithms. You can read it up in the notes section of crypt(3): http://linux.die.net/man/3/crypt

Christian
| From | Christian Heimes <lists@cheimes.de> |
|---|---|
| Date | 2012-03-10 21:16 +0100 |
| Message-ID | <mailman.550.1331410629.3037.python-list@python.org> |
| In reply to | #21464 |
On 10.03.2012 20:33, Cosmia Luna wrote:
> I'm not searching for a full solution and only want to know how to use hashlib to create an equivalent string like

If you change your mind and choose to use a full solution, then I highly recommend passlib [1]. It has an implementation of SHA-512 crypt as indicated by the number 6 in the header of your string.

By the way "$6$ds41p/9VMA.BHH0U" is *not* the salt. Just "ds41p/9VMA.BHH0U" is the salt, 6 is a hash identifier.

Christian

[1] http://packages.python.org/passlib/
| From | Cosmia Luna <cosmius@gmail.com> |
|---|---|
| Date | 2012-03-11 03:10 -0700 |
| Message-ID | <17753159.3543.1331460619089.JavaMail.geo-discussion-forums@ynnk21> |
| In reply to | #21467 |
On Sunday, March 11, 2012 4:16:52 AM UTC+8, Christian Heimes wrote:
> On 10.03.2012 20:33, Cosmia Luna wrote:
> > I'm not searching for a full solution and only want to know how to use hashlib to create an equivalent string like
>
> If you change your mind and choose to use a full solution, then I highly
> recommend passlib [1]. It has an implementation of SHA-512 crypt as
> indicated by the number 6 in the header of your string.
>
> By the way "$6$ds41p/9VMA.BHH0U" is *not* the salt. Just
> "ds41p/9VMA.BHH0U" is the salt, 6 is a hash identifier.
>
> Christian
>
> [1] http://packages.python.org/passlib/

PassLib works for me. What I want is passlib.context, I need it in consideration of forward compatibility. Thanks a lot.

But I still want to know how it is implemented, I read passlib's source but I found he/she re-implemented hashlib, which I can't understand. Now I know that the encoding is hash64 instead of base64, but I can't know that. PassLib is too difficult for me.

Does anyone know the accurate process?

Cosmia
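The process asked about above, as an added example that comes neither from any post in this thread nor from passlib's code: SHA-512 crypt written out with hashlib following the published SHA-crypt specification, including the hash64 encoding and byte reordering that a single SHA-512 digest passed through base64 cannot reproduce. The names `sha512_crypt` and `verify` are chosen for this illustration, and 5000 rounds is the specification's default when the setting string has no `rounds=` field.

```python
import hashlib
import hmac

# crypt(3) "hash64" alphabet (not RFC 4648 base64); groups are emitted low 6 bits first.
HASH64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _h(data):
    return hashlib.sha512(data).digest()

def _enc(b2, b1, b0, count):
    w = (b2 << 16) | (b1 << 8) | b0
    return "".join(HASH64[(w >> (6 * j)) & 0x3F] for j in range(count))

def sha512_crypt(password, setting):
    """crypt(password, setting) for a '$6$[rounds=N$]salt[$hash]' setting."""
    fields = setting.split("$")
    if len(fields) < 3 or fields[1] != "6":
        raise ValueError("not a SHA-512 crypt setting")
    rounds, prefix = 5000, "$6$"  # default rounds per the specification
    if fields[2].startswith("rounds="):
        rounds = min(max(int(fields[2][7:]), 1000), 999999999)
        prefix += "rounds=%d$" % rounds
        del fields[2]
    salt_str = (fields[2] if len(fields) > 2 else "")[:16]  # salt is at most 16 chars
    pw, salt = password.encode(), salt_str.encode()
    n = bits = len(pw)
    b = _h(pw + salt + pw)                      # digest B
    a_in = pw + salt + (b * (n // 64 + 1))[:n]  # B repeated to len(pw) bytes
    while bits:  # one block per bit of len(pw), lowest bit first
        a_in += b if bits & 1 else pw
        bits >>= 1
    a = _h(a_in)                                # digest A
    p = (_h(pw * n) * (n // 64 + 1))[:n]        # "P" byte sequence
    s = _h(salt * (16 + a[0]))[:len(salt)]      # "S" byte sequence
    for r in range(rounds):                     # the deliberately slow part
        c = p if r & 1 else a
        if r % 3:
            c += s
        if r % 7:
            c += p
        a = _h(c + (a if r & 1 else p))
    out = ""
    for i in range(21):  # bytes i, i+21, i+42, rotated left by i % 3
        t, k = (a[i], a[i + 21], a[i + 42]), i % 3
        out += _enc(t[k], t[(k + 1) % 3], t[(k + 2) % 3], 4)
    return prefix + salt_str + "$" + out + _enc(0, 0, a[63], 2)

def verify(password, stored):
    # Recompute with the stored salt and rounds, then compare in constant time.
    return hmac.compare_digest(sha512_crypt(password, stored), stored)
```

`sha512_crypt('123456', '$6$ds41p/9VMA.BHH0U')` reproduces the string quoted in the first post, and `verify` accepts a full stored hash as its second argument because the salt and rounds are read back out of it.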