Linux password manipulation in Python
Gary Herron
gherron at islandtraining.com
Tue Mar 18 04:22:09 EST 2003
On Monday 17 March 2003 11:42 pm, Steven Taschuk wrote:
> Quoth John Krukoff:
> > You probably want to look at man 3 crypt. [...]
>
> But not, note, the crypt(3) that comes in the man-pages package,
> which describes only the DES hashing method; I presume you're
> referring to one which comes with glibc.
>
> > On my box (gentoo):
> >
> > # grep jkrukoff /etc/shadow
> > jkrukoff:$1$TR8v8QBY$/RuCh8wlK.aHczufkXFbZ/:12129:0:99999:7:::
> >
> > # python
> >
> > >>> from crypt import crypt
> > >>> crypt( 'bob', '$1$TR8v8QBY$' )
> >
> > '$1$TR8v8QBY$/RuCh8wlK.aHczufkXFbZ/'
> >
> > Where the salt begins with '$1$', is a maximum of eight characters and
> > is optionally terminated by a '$'. Needless to say, this probably isn't
> > very portable.
>
> The important thing for the OP is, I think, that the salt for the
> MD5 method includes everything up to the third '$', and not just
> the first two characters (as in the DES method).
Thanks! This puts all the pieces together. My system crypt(3) man
page says nothing about the expanded intrepretation of salt.
However, if I call crypt with a salt of $1$...$, I do get values as in
my shadow password file. This is all I needed.
Thanks,
Gary
More information about the Python-list
mailing list