This algorithm is extremely weak by modern standards, and should not be used if possible.
This class implements the original DES-based Unix Crypt algorithm. While no longer in active use in most places, it is supported for legacy purposes by many Unix flavors. It can used directly as follows:
>>> from passlib.hash import des_crypt >>> # generate new salt, encrypt password >>> hash = des_crypt.encrypt("password") 'JQMuyS6H.AGMo' >>> # verify the password >>> des_crypt.verify("password", hash) True >>> des_crypt.verify("letmein", hash) False
the generic PasswordHash usage examples
This class implements the des-crypt password hash, and follows the Password Hash Interface.
It supports a fixed-length salt.
This class will use the first available of two possible backends:
You can see which backend is in use by calling the get_backend() method.
A des-crypt hash string consists of 13 characters, drawn from [./0-9A-Za-z]. The first 2 characters form a hash64-encoded 12 bit integer used as the salt, with the remaining characters forming a hash64-encoded 64-bit integer checksum.
A des-crypt configuration string is also accepted by this module, consists of only the first 2 characters, corresponding to the salt only.
An example hash (of the string password) is JQMuyS6H.AGMo, where the salt is JQ, and the checksum MuyS6H.AGMo.
The checksum is formed by a modified version of the DES cipher in encrypt mode:
Given a password string and a salt string.
The 2 character salt string is decoded to a 12-bit integer salt value; The salt string uses little-endian hash64 encoding.
If the password is less than 8 bytes, it’s NULL padded at the end to 8 bytes.
The lower 7 bits of the first 8 bytes of the password are used to form a 56-bit integer; with the first byte providing the most significant 7 bits, and the 8th byte providing the least significant 7 bits.
The remainder of the password (if any) is ignored.
25 repeated rounds of modified DES encryption are performed; starting with a null input block, and using the 56-bit integer from step 4 as the DES key.
The salt is used to to mutate the normal DES encrypt operation by swapping bits i and i+24 in the DES E-Box output if and only if bit i is set in the salt value. Thus, if the salt is set to 0, normal DES encryption is performed. (This was intended to prevent optimized implementations of regular DES encryption to be useful in attacking this algorithm).
The 64-bit result of the last round of step 5 is then lsb-padded with 2 zero bits.
The resulting 66-bit integer is encoded in big-endian order using the hash64-big format.
DES-Crypt is no longer considered secure, for a variety of reasons:
This implementation of des-crypt differs from others in a few ways:
Minimum salt string:
Some implementations of des-crypt permit empty and single-character salt strings. However, behavior in these cases varies wildly; with implementations returning everything from errors to incorrect hashes that never validate. To avoid all this, Passlib will throw an “invalid salt” if the provided salt string is not at least 2 characters.
Restricted salt string character set:
The underlying algorithm expects salt strings to use the hash64 character set to encode a 12-bit integer. Many implementations of des-crypt will accept a salt containing other characters, but vary wildly in how they are handled, including errors and implementation-specific value mappings. To avoid all this, Passlib will throw an “invalid salt” if the salt string contains any non-standard characters.
The original des-crypt algorithm was designed for 7-bit us-ascii encoding only (as evidenced by the fact that it discards the 8th bit of all password bytes).
In order to provide support for unicode strings, Passlib will encode unicode passwords using utf-8 before running them through des-crypt. If a different encoding is desired by an application, the password should be encoded before handing it to Passlib.
|||A java implementation of des-crypt, used as base for Passlib’s pure-python implementation, can be found at http://www.dynamic.net.au/christos/crypt/UnixCrypt2.txt|