Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Python > Generating salt for crypt

Reply
Thread Tools

Generating salt for crypt

 
 
Florian Lindner
Guest
Posts: n/a
 
      03-03-2004
Hello,
what is the best way to generate a random salt for the crypt function?
I'm rather a python newbie...
Thx,
Florian
 
Reply With Quote
 
 
 
 
Dietrich Epp
Guest
Posts: n/a
 
      03-06-2004
Salt is just two random characters from [./A-Za-z0-9], giving 4096
possibilities.

from random import randint
import crypt
import string

salt_chars = './' + string.ascii_letters + string.digits

def crypt_password(password):
salt = salt_chars[randint(0, 63)] + salt_chars[rand_int(0, 63)]
return crypt(password, salt)

Ok, so the paranoids would point out that random.randint() might not be
sufficiently random... but we don't need cryptographically strong
random numbers. No attack on crypt() depends on guessing the salt, the
salt is in the output anyway. [see for yourself...
crypt.crypt('foobar','//') => '//f1Jm145Q9jA']

So to check a password you would...

def check_password(crypted_password, password):
salt = crypted_password[:2]
return crypt(password, salt) == crypted_password

If you're writing something new (i.e. you are not using existing
password databases) then crypt() is a poor choice. It's only available
on Unix, and ignores characters past the first 8. MD5 and SHA-1 are
better choices, but you'll have to handle the salt yourself.

For example, you could do...

import sha

def crypt_password(username, password):
return sha.sha('%i %s%i %s' % (len(username), username,
len(password), password))

Putting the username with the password serves the same function as salt.

On Mar 3, 2004, at 5:12 AM, Florian Lindner wrote:

> Hello,
> what is the best way to generate a random salt for the crypt function?
> I'm rather a python newbie...
> Thx,
> Florian
> --
> http://mail.python.org/mailman/listinfo/python-list
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to re-implement the crypt.crypt function? Cosmia Luna Python 4 03-11-2012 10:10 AM
de-crypt... crypt asg Perl Misc 3 12-23-2005 10:55 PM
Speech Apllication using SALT =?Utf-8?B?U2F0ZWVzaCBLdW1hciBFIEM=?= ASP .Net 0 01-02-2004 06:21 AM
Speech Web Application using SALT =?Utf-8?B?U2F0ZWVzaCBLdW1hciBFIEM=?= ASP .Net 0 12-31-2003 09:56 AM
Crypt RSA install (Problem with Crypt::Primes) AdrianK Perl 0 07-09-2003 09:32 AM



Advertisments