[EMAIL PROTECTED] writes: > Presumably, this is done using the crypt() system call (and, > fortunuately, Python has a builtin crypt module!). Presumably, as > well, this is at least somewhat secure, assuming a source of > cryptographic randomness to use to choose the salt. Are SHA1 and MD5 > suitable for this sort of thing as well, or would I need to move to > something more "industrial strength" from, say, the pyCrypto module if > I wanted to avoid a dependency on the crypt module?
The salt doesn't really have to be cryptographically random. There are two main issues: 1) Unix password hashing uses several different algorithms depending on version and configuration. Do you need to interoperate, or are you just trying to do something similar? 2) Even with salting, computers are fast enough thse days to run dictionary searches against unkeyed hashed passwords, so Unix now uses a non-publicly-readable shadow password file. You're best off hashing with an actual secret key, if you have a way to maintain one. I'd suggest using the hmac module: hash = hmac.new(secret_key, password).hexdigest() will give you a hex digit string; or if you prefer, you could use .digest() instead of .hexdigest() and base64 encode it if you want printable output. Keep in mind, though, that if the secret key leaks, you effectively have an unsalted hash. You could add a salt if you want (untested): import os salt = os.urandom(8) # 8 random bytes hash = (salt, hmac.new(secret_key, salt + password).digest()) note that the salt and hash are both binary. You may want to encode them (e.g. base64) if you need printable chars. -- http://mail.python.org/mailman/listinfo/python-list