This module provides some preconfigured CryptContext instances for encrypting & verifying password hashes tied to user accounts of various operating systems. While (most) of the objects are available cross-platform, their use is oriented primarily towards Linux and BSD variants.
The CryptContext class itself has a large number of features, but to give an example of how to quickly use the instances in this module:
Each of the objects in this module can be imported directly:
>>> # as an example, this imports the linux_context object, >>> # which is configured to recognized most hashes found in Linux /etc/shadow files. >>> from passlib.apps import linux_context
Encrypting a password is simple (and salt generation is handled automatically):
>>> hash = linux_context.encrypt("toomanysecrets") >>> hash '$5$rounds=84740$fYChCy.52EzebF51$9bnJrmTf2FESI93hgIBFF4qAfysQcKoB0veiI0ZeYU4'
Verifying a password against an existing hash is just as quick:
>>> linux_context.verify("toomanysocks", hash) False >>> linux_context.verify("toomanysecrets", hash) True
>>> linux_context.identify(hash) 'sha512_crypt'
>>> linux_context.schemes() ('sha512_crypt', 'sha256_crypt', 'md5_crypt', 'des_crypt', 'unix_disabled') >>> linux_context.encrypt("password", scheme="des_crypt") '2fmLLcoHXuQdI' >>> linux_context.identify('2fmLLcoHXuQdI') 'des_crypt'
Passlib provides a number of pre-configured CryptContext instances which can identify and manipulate all the formats used by Linux and BSD. See the modular crypt identifier list for a complete list of which hashes are supported by which operating system.
Passlib provides CryptContext instances for the following Unix variants:
context instance which recognizes hashes used by the majority of Linux distributions. encryption defaults to sha512_crypt.
context instance which recognizes all hashes used by FreeBSD 8. encryption defaults to bcrypt.
context instance which recognizes all hashes used by NetBSD. encryption defaults to bcrypt.
context instance which recognizes all hashes used by OpenBSD. encryption defaults to bcrypt.
This CryptContext instance should detect and support all the algorithms the native OS crypt() offers. The main differences between this object and crypt():
As an example, this can be used in conjunction with stdlib’s spwd module to verify user passwords on the local system:
>>> # NOTE/WARNING: this example requires running as root on most systems. >>> import spwd, os >>> from passlib.hosts import host_context >>> hash = spwd.getspnam(os.environ['USER']).sp_pwd >>> host_context.verify("toomanysecrets", hash) True
Changed in version 1.4: This object is only available on systems where the stdlib crypt module is present. In version 1.3 and earlier, it was available on non-Unix systems, though it did nothing useful.
|||Man page for Linux /etc/shadow - http://linux.die.net/man/5/shadow|