Generating salt for crypt

Discussion in 'Python' started by Florian Lindner, Mar 3, 2004.

  1. Hello,
    what is the best way to generate a random salt for the crypt function?
    I'm rather a python newbie... ;-)
    Thx,
    Florian
     
    Florian Lindner, Mar 3, 2004
    #1

  2. Florian Lindner

    Dietrich Epp Guest

    Salt is just two random characters from [./A-Za-z0-9], giving 4096
    possibilities.

    from random import randint
    import crypt
    import string

    salt_chars = './' + string.ascii_letters + string.digits

    def crypt_password(password):
        # Two characters from the 64-character salt alphabet
        salt = salt_chars[randint(0, 63)] + salt_chars[randint(0, 63)]
        return crypt.crypt(password, salt)

    Ok, so the paranoids would point out that random.randint() might not be
    sufficiently random... but we don't need cryptographically strong
    random numbers. No attack on crypt() depends on guessing the salt, the
    salt is in the output anyway. [see for yourself...
    crypt.crypt('foobar','//') => '//f1Jm145Q9jA']

    So to check a password you would...

    def check_password(crypted_password, password):
        # The first two characters of the stored hash are the salt
        salt = crypted_password[:2]
        return crypt.crypt(password, salt) == crypted_password

    If you're writing something new (i.e. you are not using existing
    password databases) then crypt() is a poor choice. It's only available
    on Unix, and ignores characters past the first 8. MD5 and SHA-1 are
    better choices, but you'll have to handle the salt yourself.

    For example, you could do...

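    import hashlib

    def crypt_password(username, password):
        # Length prefixes keep (username, password) pairs unambiguous
        data = '%i %s%i %s' % (len(username), username,
                               len(password), password)
        return hashlib.sha1(data.encode('utf-8')).hexdigest()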

    Putting the username with the password serves the same function as salt.

    On Mar 3, 2004, at 5:12 AM, Florian Lindner wrote:

    > Hello,
    > what is the best way to generate a random salt for the crypt function?
    > I'm rather a python newbie... ;-)
    > Thx,
    > Florian
     
    Dietrich Epp, Mar 6, 2004
    #2
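
Added example, not part of the thread: one way to "handle the salt yourself", as the answer above suggests, using only the Python standard library. It goes beyond the posted code by drawing the salt from the OS CSPRNG (`secrets`), using PBKDF2-HMAC-SHA256 in place of a single SHA-1 pass, and comparing in constant time; the record format, function names and iteration count are assumptions of this example.

```python
import base64
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"  # label stored in the record (assumed format)
ITERATIONS = 600_000         # assumed work factor; tune for your hardware
SALT_BYTES = 16


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return 'algorithm$iterations$salt$hash'.

    As with crypt(), the salt is stored in the output, so it does not
    need to be secret, only unique per password.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)  # fresh salt from the OS CSPRNG
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def check_password(stored, password):
    """Re-derive with the stored salt and iteration count, then compare."""
    try:
        algorithm, iterations, salt_b64, _digest = stored.split("$")
        if algorithm != ALGORITHM:
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        candidate = hash_password(password, salt, int(iterations))
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(
            candidate.encode("utf-8"), stored.encode("utf-8")
        )
    except (ValueError, OverflowError):
        # Malformed record: wrong field count, bad base64, bad iteration count.
        return False
```

Unlike crypt(), the whole password is hashed, so two passwords that share their first 8 characters produce different records.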
