内容表

  • crypt — 用于校验 Unix 口令的函数
    • 哈希方法
    • 模块属性
    • 模块函数
    • 范例

上一话题

chunk — 读取 IFF 分块数据

下一话题
就业培训     下载中心     Wiki     联络
登录   注册
Log
  1. 首页
  2. Python 3.12.4
  3. 索引
  4. 模块
  5. 下一
  6. 上一
  7. Python 标准库
  8. 被取代模块
  9. crypt — 用于校验 Unix 口令的函数

crypt — 用于校验 Unix 口令的函数 ¶

源代码: Lib/crypt.py

Deprecated since version 3.11, will be removed in version 3.13: The crypt 模块被弃用 (见 PEP 594 for details and alternatives). The hashlib module is a potential replacement for certain use cases. The passlib package can replace all use cases of this module.

This module implements an interface to the crypt(3) routine, which is a one-way hash function based upon a modified DES algorithm; see the Unix man page for further details. Possible uses include storing hashed passwords so you can check passwords without storing the actual password, or attempting to crack Unix passwords with a dictionary.

Notice that the behavior of this module depends on the actual implementation of the crypt(3) routine in the running system. Therefore, any extensions available on the current implementation will also be available on this module.

可用性 : Unix, not VxWorks.

可用性 :非 Emscripten,非 WASI。

本模块不工作 (或不可用) 于 WebAssembly 平台 wasm32-emscripten and wasm32-wasi 。见 WebAssembly 平台 了解更多信息。

哈希方法 ¶

Added in version 3.3.

The crypt module defines the list of hashing methods (not all methods are available on all platforms):

crypt. METHOD_SHA512 ¶

A Modular Crypt Format method with 16 character salt and 86 character hash based on the SHA-512 hash function. This is the strongest method.

crypt. METHOD_SHA256 ¶

Another Modular Crypt Format method with 16 character salt and 43 character hash based on the SHA-256 hash function.

crypt. METHOD_BLOWFISH ¶

Another Modular Crypt Format method with 22 character salt and 31 character hash based on the Blowfish cipher.

Added in version 3.7.

crypt. METHOD_MD5 ¶

Another Modular Crypt Format method with 8 character salt and 22 character hash based on the MD5 hash function.

crypt. METHOD_CRYPT ¶

The traditional method with a 2 character salt and 13 characters of hash. This is the weakest method.

模块属性 ¶

Added in version 3.3.

crypt. 方法 ¶

A list of available password hashing algorithms, as crypt.METHOD_* objects. This list is sorted from strongest to weakest.

模块函数 ¶

The crypt 模块定义了下列函数:

crypt. crypt ( word , salt = None ) ¶

word will usually be a user’s password as typed at a prompt or in a graphical interface. The optional salt is either a string as returned from mksalt() , one of the crypt.METHOD_* values (though not all may be available on all platforms), or a full encrypted password including salt, as returned by this function. If salt is not provided, the strongest method available in methods 会被使用。

Checking a password is usually done by passing the plain-text password as word and the full results of a previous crypt() call, which should be the same as the results of this call.

salt (either a random 2 or 16 character string, possibly prefixed with $digit$ to indicate the method) which will be used to perturb the encryption algorithm. The characters in salt must be in the set [./a-zA-Z0-9] , with the exception of Modular Crypt Format which prefixes a $digit$ .

Returns the hashed password as a string, which will be composed of characters from the same alphabet as the salt.

Since a few crypt(3) extensions allow different values, with different sizes in the salt , it is recommended to use the full crypted password as salt when checking for a password.

3.3 版改变: Accept crypt.METHOD_* values in addition to strings for salt .

crypt. mksalt ( 方法 = None , * , rounds = None ) ¶

Return a randomly generated salt of the specified method. If no 方法 is given, the strongest method available in methods 被使用。

The return value is a string suitable for passing as the salt 自变量对于 crypt() .

rounds specifies the number of rounds for METHOD_SHA256 , METHOD_SHA512 and METHOD_BLOWFISH 。对于 METHOD_SHA256 and METHOD_SHA512 it must be an integer between 1000 and 999_999_999 , the default is 5000 。对于 METHOD_BLOWFISH it must be a power of two between 16 (2 4 ) 和 2_147_483_648 (2 31 ), the default is 4096 (2 12 ).

Added in version 3.3.

3.7 版改变: 添加 rounds 参数。

范例 ¶

A simple example illustrating typical use (a constant-time comparison operation is needed to limit exposure to timing attacks. hmac.compare_digest() is suitable for this purpose): 

import pwd
import crypt
import getpass
from hmac import compare_digest as compare_hash
def login():
    username = input('Python login: ')
    cryptedpasswd = pwd.getpwnam(username)[1]
    if cryptedpasswd:
        if cryptedpasswd == 'x' or cryptedpasswd == '*':
            raise ValueError('no support for shadow passwords')
        cleartext = getpass.getpass()
        return compare_hash(crypt.crypt(cleartext, cryptedpasswd), cryptedpasswd)
    else:
        return True

To generate a hash of a password using the strongest available method and check it against the original: 

import crypt
from hmac import compare_digest as compare_hash
hashed = crypt.crypt(plaintext)
if not compare_hash(hashed, crypt.crypt(plaintext, hashed)):
    raise ValueError("hashed version doesn't validate against original")

内容表

  • crypt — 用于校验 Unix 口令的函数
    • 哈希方法
    • 模块属性
    • 模块函数
    • 范例

上一话题

chunk — 读取 IFF 分块数据

下一话题

imghdr — 确定图像类型

本页

  • 报告 Bug
  • 展示源

快速搜索

键入搜索术语或模块、类、函数名称。

  1. 首页
  2. Python 3.12.4
  3. 索引
  4. 模块
  5. 下一
  6. 上一
  7. Python 标准库
  8. 被取代模块
  9. crypt — 用于校验 Unix 口令的函数

版权所有  © 2014-2026 乐数软件    

工业和信息化部: 粤ICP备14079481号-1