Velocity Reviews > Generating salt for crypt

# Generating salt for crypt

Florian Lindner
Guest
Posts: n/a

 03-03-2004
Hello,
what is the best way to generate a random salt for the crypt function?
I'm rather a python newbie...
Thx,
Florian

Dietrich Epp
Guest
Posts: n/a

 03-06-2004
Salt is just two random characters from [./A-Za-z0-9], giving 4096
possibilities.

from random import randint
import crypt
import string

salt_chars = './' + string.ascii_letters + string.digits

def crypt_password(password):
salt = salt_chars[randint(0, 63)] + salt_chars[rand_int(0, 63)]
return crypt(password, salt)

Ok, so the paranoids would point out that random.randint() might not be
sufficiently random... but we don't need cryptographically strong
random numbers. No attack on crypt() depends on guessing the salt, the
salt is in the output anyway. [see for yourself...
crypt.crypt('foobar','//') => '//f1Jm145Q9jA']

So to check a password you would...

def check_password(crypted_password, password):
salt = crypted_password[:2]
return crypt(password, salt) == crypted_password

If you're writing something new (i.e. you are not using existing
password databases) then crypt() is a poor choice. It's only available
on Unix, and ignores characters past the first 8. MD5 and SHA-1 are
better choices, but you'll have to handle the salt yourself.

For example, you could do...

import sha

def crypt_password(username, password):
return sha.sha('%i %s%i %s' % (len(username), username,
len(password), password))

Putting the username with the password serves the same function as salt.

On Mar 3, 2004, at 5:12 AM, Florian Lindner wrote:

> Hello,
> what is the best way to generate a random salt for the crypt function?
> I'm rather a python newbie...
> Thx,
> Florian
> --
> http://mail.python.org/mailman/listinfo/python-list
>

 Thread Tools

 Posting Rules You may not post new threads You may not post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is On HTML code is OffTrackbacks are On Pingbacks are On Refbacks are Off Forum Rules

 Similar Threads Thread Thread Starter Forum Replies Last Post Cosmia Luna Python 4 03-11-2012 10:10 AM asg Perl Misc 3 12-23-2005 10:55 PM =?Utf-8?B?U2F0ZWVzaCBLdW1hciBFIEM=?= ASP .Net 0 01-02-2004 06:21 AM =?Utf-8?B?U2F0ZWVzaCBLdW1hciBFIEM=?= ASP .Net 0 12-31-2003 09:56 AM AdrianK Perl 0 07-09-2003 09:32 AM

Advertisments