
more secure crypt() function

I want to use a crypt function to store crypted passwords. These will be
used to verify mail-user access. Now the crypt() function from the
module crypt is only significant for the first 8 characters. But I need
more significant characters.
I found the md5 and sha modules. But they work differently from the crypt
module, and they don't seem to be compatible. I need the way crypt works
with a salt to verify the password.

So my real question is: What function can be used instead of crypt() to
generate secure crypted passwords that are compatible with the way
crypt() works?

I hope my intention is clear....

Marco

--
Marco Herrn he***@gmx.net
(GnuPG/PGP-signed and crypted mail preferred)
Key ID: 0x94620736

Jul 18 '05 #1
Marco Herrn <he***@gmx.net> writes:
> I found the md5 and sha modules. But they work differently from the crypt
> module, and they don't seem to be compatible. I need the way crypt works
> with a salt to verify the password.
>
> So my real question is: What function can be used instead of crypt() to
> generate secure crypted passwords that are compatible with the way
> crypt() works?
>
> I hope my intention is clear....


No, your question isn't clear. If you want your hash function to be
compatible with crypt, you have to use crypt, there's no getting
around it.

If you just mean you want to use salted passwords the way unix
password files do, you can use md5 or sha. Just do something like:

    def md5x(str) md5.new(str).hexdigest()[:16]

    def hash(password):
        salt = <say 4 some random characters>
        return = salt + md5x(salt + password)

    def verify(password, hashed):
        salt, digest = hashed[:4], hashed[4:]
        return digest == md5x(salt + password)

Note that salting doesn't really protect you from dictionary search
any more. The right way to do password hashing these days is with the
HMAC function (see docs for the hmac module), with a secret key as
well as with a salt. But keeping the key secret creates a nontrivial
administrative problem. I can suggest some ways to deal with it if
you want, that depending on your application, may or may not be more
trouble than they're worth.
Jul 18 '05 #2
Paul Rubin <http://ph****@NOSPAM.invalid> writes:
> def md5x(str) md5.new(str).hexdigest()[:16]

Bah.. the above should say

    def md5x(str):
        return md5.new(str).hexdigest()[:16]

And the following

> def hash(password):
>     salt = <say 4 some random characters>
>     return = salt + md5x(salt + password)

should say:

    def hash(password):
        salt = <say 4 some random characters>
        return salt + md5x(salt + password)

I think the last one (below) is ok, but note I haven't tested any of them.

> def verify(password, hashed):
>     salt, digest = hashed[:4], hashed[4:]
>     return digest == md5x(salt + password)

Jul 18 '05 #3
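
Added example, not part of the original posts: the salted scheme from post #3 next to the keyed HMAC variant that post #2 recommends, written for Python 3 with hashlib, hmac and secrets in place of the old md5 module. HMAC-SHA256, the hex-character salt and all function names are assumptions; the passwords, word list and key are constructed sample values.

```python
import hashlib
import hmac
import secrets

SALT_LEN = 4  # the thread's "4 random characters"; current systems use longer salts


def new_salt():
    # Hex characters from the OS CSPRNG, so the salt stays printable.
    return secrets.token_hex(SALT_LEN // 2)


def salted_hash(password, salt=None):
    """Post #3's layout: salt + first 16 hex chars of MD5(salt + password)."""
    salt = salt or new_salt()
    digest = hashlib.md5((salt + password).encode()).hexdigest()[:16]
    return salt + digest


def keyed_hash(password, key, salt=None):
    """Same layout, but the digest also depends on a secret key (HMAC)."""
    salt = salt or new_salt()
    mac = hmac.new(key, (salt + password).encode(), hashlib.sha256)
    return salt + mac.hexdigest()


def verify(password, stored, key=None):
    salt = stored[:SALT_LEN]
    if key is None:
        expected = salted_hash(password, salt)
    else:
        expected = keyed_hash(password, key, salt)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected, stored)


def record_confirms_guess(stored, wordlist, key=None):
    """True if the stored record (plus key, if any) is enough to confirm a guess."""
    return any(verify(word, stored, key) for word in wordlist)


if __name__ == "__main__":
    words = ["letmein", "hunter2", "password"]  # constructed sample word list
    key = b"constructed-demo-key"  # constructed; a real key is kept outside the DB
    print(salted_hash("hunter2", "abcd"))
    print(record_confirms_guess(salted_hash("hunter2"), words))
    print(record_confirms_guess(keyed_hash("hunter2", key), words, b"wrong-key"))
```

The salt is stored in the clear, so a salted-only record can be checked against a word list by anyone who reads it; the keyed record cannot be checked without the key, which is why the key has to be stored separately from the password records.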
On 2003-10-04, Paul Rubin <> wrote:
>> I hope my intention is clear....
> No, your question isn't clear.

I was afraid this would be the case.

> If you just mean you want to use salted passwords the way unix
> password files do, you can use md5 or sha.

Yes, that was what I wanted.
But it seems that I was searching in the wrong direction. What I need the
function for is only the hashing, not the verification against the hash.
Because of that I wanted to be sure that the hashes could be verified
with the same function (that means I wouldn't have to reconfigure exim).
But I was wrong. I can tell exim to use md5() instead of crypt(). So
they are not what I called 'compatible'.
Thanks for your help.
--
Marco Herrn he***@gmx.net
(GnuPG/PGP-signed and crypted mail preferred)
Key ID: 0x94620736

Jul 18 '05 #4
