34.5. crypt — Unix パスワードをチェックするための関数

This module implements an interface to the crypt(3) routine, which is a one-way hash function based upon a modified DES algorithm; see the Unix man page for further details. Possible uses include storing hashed passwords so you can check passwords without storing the actual password, or attempting to crack Unix passwords with a dictionary.

このモジュールは実行環境の crypt(3) の実装に依存しています。そのため、現在の実装で利用可能な拡張を、このモジュールでもそのまま利用できます。

34.5.1. Hashing Methods

バージョン 3.3 で追加.

The crypt module defines the list of hashing methods (not all methods are available on all platforms):

crypt.METHOD_SHA512

A Modular Crypt Format method with 16 character salt and 86 character hash. This is the strongest method.

crypt.METHOD_SHA256

Another Modular Crypt Format method with 16 character salt and 43 character hash.

crypt.METHOD_MD5

Another Modular Crypt Format method with 8 character salt and 22 character hash.

crypt.METHOD_CRYPT

The traditional method with a 2 character salt and 13 characters of hash. This is the weakest method.

34.5.2. モジュール属性

バージョン 3.3 で追加.

crypt.methods

A list of available password hashing algorithms, as crypt.METHOD_* objects. This list is sorted from strongest to weakest, and is guaranteed to have at least crypt.METHOD_CRYPT.

34.5.3. モジュール関数

crypt モジュールは以下の関数を定義しています:

crypt.crypt(word, salt=None)

word will usually be a user’s password as typed at a prompt or in a graphical interface. The optional salt is either a string as returned from mksalt(), one of the crypt.METHOD_* values (though not all may be available on all platforms), or a full encrypted password including salt, as returned by this function. If salt is not provided, the strongest method will be used (as returned by methods().

Checking a password is usually done by passing the plain-text password as word and the full results of a previous crypt() call, which should be the same as the results of this call.

salt (either a random 2 or 16 character string, possibly prefixed with $digit$ to indicate the method) which will be used to perturb the encryption algorithm. The characters in salt must be in the set [./a-zA-Z0-9], with the exception of Modular Crypt Format which prefixes a $digit$.

Returns the hashed password as a string, which will be composed of characters from the same alphabet as the salt.

いくつかの拡張された crypt(3) は異なる値と salt の長さを許しているので、パスワードをチェックする際には crypt されたパスワード文字列全体を salt として渡すよう勧めます。

バージョン 3.3 で変更: Accept crypt.METHOD_* values in addition to strings for salt.

crypt.mksalt(method=None)

Return a randomly generated salt of the specified method. If no method is given, the strongest method available as returned by methods() is used.

The return value is a string either of 2 characters in length for crypt.METHOD_CRYPT, or 19 characters starting with $digit$ and 16 random characters from the set [./a-zA-Z0-9], suitable for passing as the salt argument to crypt().

バージョン 3.3 で追加.

34.5.4. 例

A simple example illustrating typical use (a constant-time comparison operation is needed to limit exposure to timing attacks. hmac.compare_digest() is suitable for this purpose):

import pwd
import crypt
import getpass
from hmac import compare_digest as compare_hash

def login():
    username = input('Python login: ')
    cryptedpasswd = pwd.getpwnam(username)[1]
    if cryptedpasswd:
        if cryptedpasswd == 'x' or cryptedpasswd == '*':
            raise ValueError('no support for shadow passwords')
        cleartext = getpass.getpass()
        return compare_hash(crypt.crypt(cleartext, cryptedpasswd), cryptedpasswd)
    else:
        return True

To generate a hash of a password using the strongest available method and check it against the original:

import crypt
from hmac import compare_digest as compare_hash

hashed = crypt.crypt(plaintext)
if not compare_hash(hashed, crypt.crypt(plaintext, hashed)):
   raise ValueError("hashed version doesn't validate against original")