On 2004-04-04, Martin v. Löwis <ma****@v.loewis.de> wrote:
You need a combination of the pwd and crypt modules. Lookup the name
of the user using the pwd module, and fetch the encrypted password.
Then use crypt.crypt for encryption; use the first two letters of
the encrypted password as the salt.
Be aware that some installations use MD5 passwords, which can be
recognized by starting with $1$ (or some such).
A question to this md5 and sha1 hashed passwords. The python modules for
these are different to the crypt module. Especially there is no salt. So
how would I compare a given password to a given hash? Just rehash the
password? Would the hash always be the same? I thought the salt was
there to improve security.
And how can I distinguish a these hash methods? For example I have a
hash. How do I find out which hash method was used for this? As I have
seen md5 hashs are always 128 bit long. When I have such a hash in hex
form, can I say if that hash string has a length of 32 it is definitely
a md5 hash, a length of 40 indicating a sha hash and a length of 13
indicating a crypt() hash?
And what about the prefix $1$ for md5? When this is available just cut
it off the hash? Are there any other forms of such prefixes?
Sorry for this lot of questions. ;-)
Marco
--
Marco Herrn
he***@gmx.net
(GnuPG/PGP-signed and crypted mail preferred)
Key ID: 0x94620736
