How to re-implement the crypt.crypt function?

Discussion in 'Python' started by Cosmia Luna, Mar 10, 2012.

  1. Cosmia Luna

    Cosmia Luna Guest

    I'm not searching for a full solution and only want to know how to use hashlib to create a equivalent string like

    crypt.crypt('123456', '$6$ds41p/9VMA.BHH0U') returns the string below.

    '$6$ds41p/9VMA.BHH0U$yv25s7jLxTRKLDNjIvT0Qc2jbcqdFRi5.PftO3cveTvjK49JhwCarIowOfrrNPD/PpYT3n6oNDIbjAONh8RXt1'

    I tried:

    from hashlib import sha512
    from base64 import b64encode, b64decode

    salt='ds41p/9VMA.BHH0U'
    pwd='123456'

    b64encode( sha512(pwd+salt).digest(), altchars='./' )
    b64encode( sha512(salt+pwd).digest(), altchars='./' )
    b64encode( sha512( pwd + b64decode(salt, altchars='./') ).digest(), altchars='./')
    b64encode( sha512( b64decode(salt, altchars='./') + pwd ).digest(), altchars='./')

    of course none of the four returns the value I want, 'yv25s7jLxTRKLDNjIvT0Qc2jbcqdFRi5.PftO3cveTvjK49JhwCarIowOfrrNPD/PpYT3n6oNDIbjAONh8RXt1', how can I get the value? I can't use crypt.crypt because of the consideration of cross-platform.

    Thanks,
    Cosmia
     
    Cosmia Luna, Mar 10, 2012
    #1
    1. Advertising

  2. Cosmia Luna

    Roy Smith Guest

    In article
    <28304124.1374.1331408016748.JavaMail.geo-discussion-forums@yncd8>,
    Cosmia Luna <> wrote:

    > I'm not searching for a full solution and only want to know how to use
    > hashlib to create a equivalent string like
    >
    > crypt.crypt('123456', '$6$ds41p/9VMA.BHH0U') returns the string below.
    >
    > '$6$ds41p/9VMA.BHH0U$yv25s7jLxTRKLDNjIvT0Qc2jbcqdFRi5.PftO3cveTvjK49JhwCarIowO
    > frrNPD/PpYT3n6oNDIbjAONh8RXt1'
    > [...]
    > I can't use crypt.crypt because of the
    > consideration of cross-platform.


    Just out of curiosity, why do you want to do this? The python crypt
    module uses the crypt library supplied by the operating system (which is
    why it only works on unix). The algorithm implemented is a modification
    of DES, i.e. a salt string is used to change some of the tables used in
    the DES computation. It goes back to the ancient days of unix.

    By today's standards, the algorithm isn't considered very strong. The
    only place I'm aware that uses it is unix password files, and even there
    many (most?) systems have replaced it with something stronger such as
    SHA1. Maybe Apache .htaccess files?

    I don't know what your use case is, but unless you're doing something
    silly like trying to execute a dictionary attack against a unix password
    file, it's almost certain that you'd do better to just use SHA1.
     
    Roy Smith, Mar 10, 2012
    #2
    1. Advertising

  3. Cosmia Luna

    Roy Smith Guest

    In article <>,
    Christian Heimes <> wrote:

    > Am 10.03.2012 21:15, schrieb Roy Smith:
    > > By today's standards, the algorithm isn't considered very strong. The
    > > only place I'm aware that uses it is unix password files, and even there
    > > many (most?) systems have replaced it with something stronger such as
    > > SHA1. Maybe Apache .htaccess files?

    >
    > The algorithm with identifier 6 is a SHA-512 crypt algorithm with a
    > lengthy salt (IIRC up to 1024 bits) and 40,000 rounds of SHA-512. It's
    > the default algorithm on modern Linux machines and believed to be very
    > secure.
    >
    > The large salt makes a rainbow table attack impossible and the 40,000
    > rounds require a lot of CPU time, even on modern systems.


    But is that what crypt.crypt() does? I though it implemented the
    old-style triple-DES.
     
    Roy Smith, Mar 10, 2012
    #3
  4. Cosmia Luna

    Cosmia Luna Guest

    On Sunday, March 11, 2012 4:16:52 AM UTC+8, Christian Heimes wrote:
    > Am 10.03.2012 20:33, schrieb Cosmia Luna:
    > > I'm not searching for a full solution and only want to know how to use hashlib to create a equivalent string like

    >
    > If you chance your mind and choose to use a full solution, then I highly
    > recommend passlib [1]. It has an implementation of SHA-512 crypt as
    > indicated by the number 6 in the header of your string.
    >
    > By the way "$6$ds41p/9VMA.BHH0U" is *not* the salt. Just
    > "ds41p/9VMA.BHH0U" is the salt, 6 is a hash identifier.
    >
    > Christian
    >
    > [1] http://packages.python.org/passlib/


    PassLib works for me. What I want is passlib.context, I need it in consideration of forward compatibility.

    Thanks a lot.

    But I still want to know how it is implemented, I read passlib's source butI found he/she re-implemented hashlib, which I can't understand. Now I knows that the encoding is hash64 instead of base64, but I can't know that. PassLib is too difficult for me. Anyone knows the accurate process?

    Cosmia
     
    Cosmia Luna, Mar 11, 2012
    #4
  5. Cosmia Luna

    Cosmia Luna Guest

    On Sunday, March 11, 2012 4:16:52 AM UTC+8, Christian Heimes wrote:
    > Am 10.03.2012 20:33, schrieb Cosmia Luna:
    > > I'm not searching for a full solution and only want to know how to use hashlib to create a equivalent string like

    >
    > If you chance your mind and choose to use a full solution, then I highly
    > recommend passlib [1]. It has an implementation of SHA-512 crypt as
    > indicated by the number 6 in the header of your string.
    >
    > By the way "$6$ds41p/9VMA.BHH0U" is *not* the salt. Just
    > "ds41p/9VMA.BHH0U" is the salt, 6 is a hash identifier.
    >
    > Christian
    >
    > [1] http://packages.python.org/passlib/


    PassLib works for me. What I want is passlib.context, I need it in consideration of forward compatibility.

    Thanks a lot.

    But I still want to know how it is implemented, I read passlib's source butI found he/she re-implemented hashlib, which I can't understand. Now I knows that the encoding is hash64 instead of base64, but I can't know that. PassLib is too difficult for me. Anyone knows the accurate process?

    Cosmia
     
    Cosmia Luna, Mar 11, 2012
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. AdrianK
    Replies:
    0
    Views:
    1,572
    AdrianK
    Jul 9, 2003
  2. Marco Herrn

    more secure crypt() function

    Marco Herrn, Oct 4, 2003, in forum: Python
    Replies:
    3
    Views:
    382
    Marco Herrn
    Oct 4, 2003
  3. luca72

    python glibc crypt() function

    luca72, Apr 20, 2010, in forum: Python
    Replies:
    9
    Views:
    1,375
    geremy condra
    Apr 21, 2010
  4. petrucci

    Crypt function

    petrucci, Sep 20, 2005, in forum: Perl Misc
    Replies:
    7
    Views:
    155
    Josef Moellers
    Sep 21, 2005
  5. asg

    de-crypt... crypt

    asg, Dec 23, 2005, in forum: Perl Misc
    Replies:
    3
    Views:
    145
Loading...

Share This Page