ref: 4bcd247b909898766d549c3990c230cbeb3d17a3
dir: /sys/src/cmd/python/Doc/lib/libcrypt.tex/
\section{\module{crypt} --- Function to check \UNIX{} passwords} \declaremodule{builtin}{crypt} \platform{Unix} \modulesynopsis{The \cfunction{crypt()} function used to check \UNIX\ passwords.} \moduleauthor{Steven D. Majewski}{sdm7g@virginia.edu} \sectionauthor{Steven D. Majewski}{sdm7g@virginia.edu} \sectionauthor{Peter Funk}{pf@artcom-gmbh.de} This module implements an interface to the \manpage{crypt}{3}\index{crypt(3)} routine, which is a one-way hash function based upon a modified DES\indexii{cipher}{DES} algorithm; see the \UNIX{} man page for further details. Possible uses include allowing Python scripts to accept typed passwords from the user, or attempting to crack \UNIX{} passwords with a dictionary. Notice that the behavior of this module depends on the actual implementation of the \manpage{crypt}{3}\index{crypt(3)} routine in the running system. Therefore, any extensions available on the current implementation will also be available on this module. \begin{funcdesc}{crypt}{word, salt} \var{word} will usually be a user's password as typed at a prompt or in a graphical interface. \var{salt} is usually a random two-character string which will be used to perturb the DES algorithm in one of 4096 ways. The characters in \var{salt} must be in the set \regexp{[./a-zA-Z0-9]}. Returns the hashed password as a string, which will be composed of characters from the same alphabet as the salt (the first two characters represent the salt itself). Since a few \manpage{crypt}{3}\index{crypt(3)} extensions allow different values, with different sizes in the \var{salt}, it is recommended to use the full crypted password as salt when checking for a password. \end{funcdesc} A simple example illustrating typical use: \begin{verbatim} import crypt, getpass, pwd def login(): username = raw_input('Python login:') cryptedpasswd = pwd.getpwnam(username)[1] if cryptedpasswd: if cryptedpasswd == 'x' or cryptedpasswd == '*': raise "Sorry, currently no support for shadow passwords" cleartext = getpass.getpass() return crypt.crypt(cleartext, cryptedpasswd) == cryptedpasswd else: return 1 \end{verbatim}