🔥码云GVP开源项目 12k star Uniapp+ElementUI 功能强大 支持多语言、二开方便! 广告
### 导航 - [索引](../genindex.xhtml "总目录") - [模块](../py-modindex.xhtml "Python 模块索引") | - [下一页](termios.xhtml "termios --- POSIX style tty control") | - [上一页](grp.xhtml "grp --- The group database") | - ![](https://box.kancloud.cn/a721fc7ec672275e257bbbfde49a4d4e_16x16.png) - [Python](https://www.python.org/) » - zh\_CN 3.7.3 [文档](../index.xhtml) » - [Python 标准库](index.xhtml) » - [Unix 专有服务](unix.xhtml) » - $('.inline-search').show(0); | # [`crypt`](#module-crypt "crypt: The crypt() function used to check Unix passwords. (Unix)") --- Function to check Unix passwords **Source code:** [Lib/crypt.py](https://github.com/python/cpython/tree/3.7/Lib/crypt.py) \[https://github.com/python/cpython/tree/3.7/Lib/crypt.py\] - - - - - - This module implements an interface to the *crypt(3)* routine, which is a one-way hash function based upon a modified DES algorithm; see the Unix man page for further details. Possible uses include storing hashed passwords so you can check passwords without storing the actual password, or attempting to crack Unix passwords with a dictionary. Notice that the behavior of this module depends on the actual implementation of the *crypt(3)* routine in the running system. Therefore, any extensions available on the current implementation will also be available on this module. ## Hashing Methods 3\.3 新版功能. The [`crypt`](#module-crypt "crypt: The crypt() function used to check Unix passwords. (Unix)") module defines the list of hashing methods (not all methods are available on all platforms): `crypt.``METHOD_SHA512`A Modular Crypt Format method with 16 character salt and 86 character hash based on the SHA-512 hash function. This is the strongest method. `crypt.``METHOD_SHA256`Another Modular Crypt Format method with 16 character salt and 43 character hash based on the SHA-256 hash function. `crypt.``METHOD_BLOWFISH`Another Modular Crypt Format method with 22 character salt and 31 character hash based on the Blowfish cipher. 3\.7 新版功能. `crypt.``METHOD_MD5`Another Modular Crypt Format method with 8 character salt and 22 character hash based on the MD5 hash function. `crypt.``METHOD_CRYPT`The traditional method with a 2 character salt and 13 characters of hash. This is the weakest method. ## Module Attributes 3\.3 新版功能. `crypt.``methods`A list of available password hashing algorithms, as `crypt.METHOD_*` objects. This list is sorted from strongest to weakest. ## 模块函数 The [`crypt`](#module-crypt "crypt: The crypt() function used to check Unix passwords. (Unix)") module defines the following functions: `crypt.``crypt`(*word*, *salt=None*)*word* will usually be a user's password as typed at a prompt or in a graphical interface. The optional *salt* is either a string as returned from [`mksalt()`](#crypt.mksalt "crypt.mksalt"), one of the `crypt.METHOD_*` values (though not all may be available on all platforms), or a full encrypted password including salt, as returned by this function. If *salt* is not provided, the strongest method will be used (as returned by [`methods()`](#crypt.methods "crypt.methods")). Checking a password is usually done by passing the plain-text password as *word* and the full results of a previous [`crypt()`](#module-crypt "crypt: The crypt() function used to check Unix passwords. (Unix)") call, which should be the same as the results of this call. *salt* (either a random 2 or 16 character string, possibly prefixed with `$digit$` to indicate the method) which will be used to perturb the encryption algorithm. The characters in *salt* must be in the set `[./a-zA-Z0-9]`, with the exception of Modular Crypt Format which prefixes a `$digit$`. Returns the hashed password as a string, which will be composed of characters from the same alphabet as the salt. Since a few *crypt(3)* extensions allow different values, with different sizes in the *salt*, it is recommended to use the full crypted password as salt when checking for a password. 在 3.3 版更改: Accept `crypt.METHOD_*` values in addition to strings for *salt*. `crypt.``mksalt`(*method=None*, *\**, *rounds=None*)Return a randomly generated salt of the specified method. If no *method* is given, the strongest method available as returned by [`methods()`](#crypt.methods "crypt.methods") is used. The return value is a string suitable for passing as the *salt* argument to [`crypt()`](#module-crypt "crypt: The crypt() function used to check Unix passwords. (Unix)"). *rounds* specifies the number of rounds for `METHOD_SHA256`, `METHOD_SHA512` and `METHOD_BLOWFISH`. For `METHOD_SHA256` and `METHOD_SHA512` it must be an integer between `1000` and `999_999_999`, the default is `5000`. For `METHOD_BLOWFISH` it must be a power of two between `16` (24) and `2_147_483_648` (231), the default is `4096`(212). 3\.3 新版功能. 在 3.7 版更改: Added the *rounds* parameter. ## 示例 A simple example illustrating typical use (a constant-time comparison operation is needed to limit exposure to timing attacks. [`hmac.compare_digest()`](hmac.xhtml#hmac.compare_digest "hmac.compare_digest") is suitable for this purpose): ``` import pwd import crypt import getpass from hmac import compare_digest as compare_hash def login(): username = input('Python login: ') cryptedpasswd = pwd.getpwnam(username)[1] if cryptedpasswd: if cryptedpasswd == 'x' or cryptedpasswd == '*': raise ValueError('no support for shadow passwords') cleartext = getpass.getpass() return compare_hash(crypt.crypt(cleartext, cryptedpasswd), cryptedpasswd) else: return True ``` To generate a hash of a password using the strongest available method and check it against the original: ``` import crypt from hmac import compare_digest as compare_hash hashed = crypt.crypt(plaintext) if not compare_hash(hashed, crypt.crypt(plaintext, hashed)): raise ValueError("hashed version doesn't validate against original") ``` ### 导航 - [索引](../genindex.xhtml "总目录") - [模块](../py-modindex.xhtml "Python 模块索引") | - [下一页](termios.xhtml "termios --- POSIX style tty control") | - [上一页](grp.xhtml "grp --- The group database") | - ![](https://box.kancloud.cn/a721fc7ec672275e257bbbfde49a4d4e_16x16.png) - [Python](https://www.python.org/) » - zh\_CN 3.7.3 [文档](../index.xhtml) » - [Python 标准库](index.xhtml) » - [Unix 专有服务](unix.xhtml) » - $('.inline-search').show(0); | © [版权所有](../copyright.xhtml) 2001-2019, Python Software Foundation. Python 软件基金会是一个非盈利组织。 [请捐助。](https://www.python.org/psf/donations/) 最后更新于 5月 21, 2019. [发现了问题](../bugs.xhtml)? 使用[Sphinx](http://sphinx.pocoo.org/)1.8.4 创建。