user authentication via /etc/passwd|/etc/shadow

Marco Herrn herrn at gmx.net
Tue Apr 6 16:52:54 EDT 2004


On 2004-04-04, Martin v. Löwis <martin at v.loewis.de> wrote:
> You need a combination of the pwd and crypt modules. Look up the name
> of the user using the pwd module, and fetch the encrypted password.
> Then use crypt.crypt for encryption; use the first two letters of
> the encrypted password as the salt.
>
> Be aware that some installations use MD5 passwords, which can be
> recognized by starting with $1$ (or some such).

A question about these md5 and sha1 hashed passwords. The Python modules for
these are different to the crypt module. Especially there is no salt. So
how would I compare a given password to a given hash? Just rehash the
password? Would the hash always be the same? I thought the salt was
there to improve security.

And how can I distinguish these hash methods? For example I have a
hash. How do I find out which hash method was used for this? As I have
seen md5 hashes are always 128 bit long. When I have such a hash in hex
form, can I say if that hash string has a length of 32 it is definitely
an md5 hash, a length of 40 indicating a sha hash and a length of 13
indicating a crypt() hash?
And what about the prefix $1$ for md5? When this is available just cut
it off the hash? Are there any other forms of such prefixes?

Sorry for this lot of questions. ;-)
Marco


-- 
Marco Herrn             herrn at gmx.net
(GnuPG/PGP-signed and crypted mail preferred)
Key ID: 0x94620736
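The format checks asked about in this message, as an added example that is not part of the original thread: a classifier for a passwd/shadow password field that names the scheme and extracts the salt setting to hand back to crypt(). The names `classify` and `verify` are hypothetical, and `crypt_fn` is assumed to be `crypt.crypt` or an equivalent, passed in because the `crypt` module is absent from Python 3.13 and later.

```python
import hmac
import re

# Modular crypt format ids -> scheme (glibc/BSD conventions).
MCF_SCHEMES = {"1": "md5-crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
               "5": "sha256-crypt", "6": "sha512-crypt"}
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")   # 2 salt chars + 11 hash chars
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


def classify(field):
    """Return (scheme, salt_setting) for a passwd/shadow password field.

    salt_setting is the second argument crypt() needs to reproduce the hash;
    it is None when the field is not a crypt(3) hash.
    """
    if field in ("", "x") or field[0] in "!*":
        return ("no-usable-hash", None)       # empty, shadowed ("x") or locked
    if field.startswith("$"):
        parts = field.split("$")              # ['', id, (rounds=N,) salt, hash]
        if len(parts) < 4:
            return ("unknown-mcf", None)
        scheme = MCF_SCHEMES.get(parts[1], "unknown-mcf")
        if scheme == "bcrypt":
            # "$2b$cost$" is followed by 22 salt chars, then 31 hash chars
            return (scheme, field[:len(parts[1]) + len(parts[2]) + 3 + 22])
        # The prefix is not cut off: it and the salt are the setting.
        return (scheme, field.rsplit("$", 1)[0])
    if DES_RE.match(field):
        return ("des-crypt", field[:2])       # first two characters are the salt
    if HEX_RE.match(field) and len(field) in (32, 40):
        # Length gives only the digest size (128 or 160 bits), not the algorithm.
        return ("raw-hex-%d-bit" % (len(field) * 4), None)
    return ("unknown", None)


def verify(password, stored, crypt_fn):
    """Re-hash the candidate with the stored setting; compare in constant time."""
    _scheme, setting = classify(stored)
    if setting is None:
        return False
    return hmac.compare_digest(crypt_fn(password, setting), stored)
```

A 32- or 40-character hex string is reported only by digest size, because several algorithms share each length and an unsalted digest carries no marker of which one produced it.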



