How to re-implement the crypt.crypt function?

 
 
Cosmia Luna
03-10-2012
I'm not searching for a full solution and only want to know how to use hashlib to create an equivalent string like

crypt.crypt('123456', '$6$ds41p/9VMA.BHH0U') returns the string below.

'$6$ds41p/9VMA.BHH0U$yv25s7jLxTRKLDNjIvT0Qc2jbcqdFRi5.PftO3cveTvjK49JhwCarIowOfrrNPD/PpYT3n6oNDIbjAONh8RXt1'

I tried:

from hashlib import sha512
from base64 import b64encode, b64decode

salt='ds41p/9VMA.BHH0U'
pwd='123456'

b64encode( sha512(pwd+salt).digest(), altchars='./' )
b64encode( sha512(salt+pwd).digest(), altchars='./' )
b64encode( sha512( pwd + b64decode(salt, altchars='./') ).digest(), altchars='./')
b64encode( sha512( b64decode(salt, altchars='./') + pwd ).digest(), altchars='./')

Of course none of the four returns the value I want, 'yv25s7jLxTRKLDNjIvT0Qc2jbcqdFRi5.PftO3cveTvjK49JhwCarIowOfrrNPD/PpYT3n6oNDIbjAONh8RXt1'. How can I get the value? I can't use crypt.crypt because of cross-platform considerations.

Thanks,
Cosmia
 
Roy Smith
03-10-2012
In article
<28304124.1374.1331408016748.JavaMail.geo-discussion-forums@yncd8>,
Cosmia Luna <(E-Mail Removed)> wrote:

> I'm not searching for a full solution and only want to know how to use
> hashlib to create an equivalent string like
>
> crypt.crypt('123456', '$6$ds41p/9VMA.BHH0U') returns the string below.
>
> '$6$ds41p/9VMA.BHH0U$yv25s7jLxTRKLDNjIvT0Qc2jbcqdFRi5.PftO3cveTvjK49JhwCarIowOfrrNPD/PpYT3n6oNDIbjAONh8RXt1'
> [...]
> I can't use crypt.crypt because of the
> consideration of cross-platform.


Just out of curiosity, why do you want to do this? The python crypt
module uses the crypt library supplied by the operating system (which is
why it only works on unix). The algorithm implemented is a modification
of DES, i.e. a salt string is used to change some of the tables used in
the DES computation. It goes back to the ancient days of unix.

By today's standards, the algorithm isn't considered very strong. The
only place I'm aware that uses it is unix password files, and even there
many (most?) systems have replaced it with something stronger such as
SHA1. Maybe Apache .htaccess files?

I don't know what your use case is, but unless you're doing something
silly like trying to execute a dictionary attack against a unix password
file, it's almost certain that you'd do better to just use SHA1.
 
Roy Smith
03-10-2012
In article <(E-Mail Removed)>,
Christian Heimes <(E-Mail Removed)> wrote:

> Am 10.03.2012 21:15, schrieb Roy Smith:
> > By today's standards, the algorithm isn't considered very strong. The
> > only place I'm aware that uses it is unix password files, and even there
> > many (most?) systems have replaced it with something stronger such as
> > SHA1. Maybe Apache .htaccess files?
>
> The algorithm with identifier 6 is a SHA-512 crypt algorithm with a
> lengthy salt (IIRC up to 1024 bits) and 40,000 rounds of SHA-512. It's
> the default algorithm on modern Linux machines and believed to be very
> secure.
>
> The large salt makes a rainbow table attack impossible and the 40,000
> rounds require a lot of CPU time, even on modern systems.


But is that what crypt.crypt() does? I thought it implemented the
old-style triple-DES.
 
Cosmia Luna
03-11-2012
On Sunday, March 11, 2012 4:16:52 AM UTC+8, Christian Heimes wrote:
> Am 10.03.2012 20:33, schrieb Cosmia Luna:
> > I'm not searching for a full solution and only want to know how to use hashlib to create an equivalent string like
>
> If you change your mind and choose to use a full solution, then I highly
> recommend passlib [1]. It has an implementation of SHA-512 crypt as
> indicated by the number 6 in the header of your string.
>
> By the way "$6$ds41p/9VMA.BHH0U" is *not* the salt. Just
> "ds41p/9VMA.BHH0U" is the salt, 6 is a hash identifier.
>
> Christian
>
> [1] http://packages.python.org/passlib/


PassLib works for me. What I want is passlib.context, I need it in consideration of forward compatibility.

Thanks a lot.

But I still want to know how it is implemented. I read passlib's source but I found he/she re-implemented hashlib, which I can't understand. Now I know that the encoding is hash64 instead of base64, but I can't know that. PassLib is too difficult for me. Does anyone know the accurate process?

Cosmia
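
Added example, not part of the original thread and not passlib's or the C library's code: a hashlib-only implementation of the SHA-512 crypt ("$6$") procedure from Ulrich Drepper's published SHA-crypt specification, which is the process asked about above. It assumes Python 3, a UTF-8 encoded password and the specification's default of 5000 rounds when the setting string carries no "rounds=N$" field; the function and helper names are illustrative.

```python
import hashlib

# crypt(3) "hash64" alphabet: same size as base64, different order, no padding.
HASH64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _h(data):
    return hashlib.sha512(data).digest()

def _repeat(block, n):
    # Repeat a digest until exactly n bytes are available.
    return (block * (n // len(block) + 1))[:n]

def _emit(word, count):
    # Encode `count` 6-bit groups of `word`, least significant group first.
    return "".join(HASH64[word >> 6 * k & 0x3F] for k in range(count))

def sha512_crypt(password, setting):
    """Return the crypt(3) string for setting '$6$[rounds=N$]salt[$hash]'."""
    if not setting.startswith("$6$"):
        raise ValueError("not a SHA-512 crypt setting")
    fields, rounds, prefix = setting[3:].split("$"), 5000, "$6$"
    if fields[0].startswith("rounds="):
        rounds = min(max(int(fields.pop(0)[7:]), 1000), 999999999)
        prefix += "rounds=%d$" % rounds
    salt_text = (fields or [""])[0][:16]  # at most 16 salt characters are used
    pw, salt = password.encode("utf-8"), salt_text.encode("ascii")
    b = _h(pw + salt + pw)
    a_input = pw + salt + _repeat(b, len(pw))
    n = len(pw)
    while n:  # one block per bit of len(pw), lowest bit first
        a_input += b if n & 1 else pw
        n >>= 1
    digest = _h(a_input)
    p = _repeat(_h(pw * len(pw)), len(pw))               # password-derived filler
    s = _repeat(_h(salt * (16 + digest[0])), len(salt))  # salt-derived filler
    for i in range(rounds):  # the deliberately slow part
        data = p if i & 1 else digest
        if i % 3:
            data += s
        if i % 7:
            data += p
        data += digest if i & 1 else p
        digest = _h(data)
    out, (x, y, z) = "", (0, 21, 42)
    for _ in range(21):  # bytes are permuted before encoding, 3 at a time
        out += _emit(digest[x] << 16 | digest[y] << 8 | digest[z], 4)
        x, y, z = y + 1, z + 1, x + 1
    return prefix + salt_text + "$" + out + _emit(digest[63], 2)
```

To verify a stored hash, pass the stored string itself as `setting` and compare the result with `hmac.compare_digest` rather than `==`.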
 