Pure-python implementation of the SHA2 crypt(3) functions
Project description
# python-crypt [](https://travis-ci.org/thusoy/python-crypt)
Pure-python implementation of the crypt(3) SHA2 functions.
Useful for creating crypt-compatible hashes from non-*nixes (like Windows
and OS X), like when creating password hashes to initialize a *nix server
with.
## Install
$ pip install pcrypt
## Usage
API is identical to the [built-in crypt](https://docs.python.org/3.5/library/crypt.html) module on *nix:
>>> import pcrypt, getpass
>>> print(pcrypt.crypt(getpass.getpass()))
$6$tyjS23QPnY6k37iD$7oM9nObOVQUQ<...>/x7VKbuiyqgT81
If you want to override the number of rounds used for hashing, you can specify the parameter `rounds` to crypt:
>>> print(pcrypt.crypt(getpass.getpass(), rounds=50000))
$6$rounds=50000$FEkeiFqoGiU6Bd3v$6jn8ZZ<...>uXKvs7XAbp.
The default number of rounds is 5000, same as for crypt(3).
To use SHA256 instead of the default SHA512:
>>> print(pcrypt.crypt(getpass.getpass(), pcrypt.METHOD_SHA256))
$5$Zcxyug8MUozUjGIQ$yqvzOQR<...>pnLMvpOhhmrOWfn5
If the second argument is given it must be either an existing salt string matching the
format `$<algo>$(rounds=<rounds>$)?<salt>($<hash>)?`, or one of `pcrypt.METHOD_SHA256`
or `pcrypt.METHOD_SHA512`.
Without specifying salt manually the module will generate a new salt and use
the strongest hash function available.
As a little extra nugget, there's also a handy CLI to quickly generate a hash:
$ pcrypt -h
usage: pcrypt [-h] [-r ROUNDS] [-a {sha256,sha512}] [-s]
Compute a password hash for SHA256/SHA512 in crypt(3)-compatible format.
Password will be prompted for.
optional arguments:
-h, --help show this help message and exit
-r ROUNDS, --rounds ROUNDS
How many rounds of hashing to perform. More rounds are
slower, making it harder to reverse a hash through
brute force. Default: 5000
-a {sha256,sha512}, --algo {sha256,sha512}
Which algorithm to use. Default: sha512
-s, --single-prompt Don't ask to repeat the password
**NB**: You'd probably guess from this being a pure-python implementation of a compute-heavy operation, but I just have to say this explicitly: Do not use this for performance-critical applications! Performance is roughly five orders of magnitude slower than the plain C version.
Change log
==========
[1.0.5] - 2018-01-12
--------------------
### Fixed
- Only print trailing newline in cli when writing to a tty.
[1.0.4] - 2016-02-08
--------------------
### Added
- Passwords can now be piped in to the pcrypt CLI.
[1.0.3] - 2015-12-19
--------------------
Practically first release.
[1.0.5]: https://github.com/thusoy/python-crypt/compare/v1.0.4...v1.0.5
[1.0.4]: https://github.com/thusoy/python-crypt/compare/v1.0.3...v1.0.4
Pure-python implementation of the crypt(3) SHA2 functions.
Useful for creating crypt-compatible hashes from non-*nixes (like Windows
and OS X), like when creating password hashes to initialize a *nix server
with.
## Install
$ pip install pcrypt
## Usage
API is identical to the [built-in crypt](https://docs.python.org/3.5/library/crypt.html) module on *nix:
>>> import pcrypt, getpass
>>> print(pcrypt.crypt(getpass.getpass()))
$6$tyjS23QPnY6k37iD$7oM9nObOVQUQ<...>/x7VKbuiyqgT81
If you want to override the number of rounds used for hashing, you can specify the parameter `rounds` to crypt:
>>> print(pcrypt.crypt(getpass.getpass(), rounds=50000))
$6$rounds=50000$FEkeiFqoGiU6Bd3v$6jn8ZZ<...>uXKvs7XAbp.
The default number of rounds is 5000, same as for crypt(3).
To use SHA256 instead of the default SHA512:
>>> print(pcrypt.crypt(getpass.getpass(), pcrypt.METHOD_SHA256))
$5$Zcxyug8MUozUjGIQ$yqvzOQR<...>pnLMvpOhhmrOWfn5
If the second argument is given it must be either an existing salt string matching the
format `$<algo>$(rounds=<rounds>$)?<salt>($<hash>)?`, or one of `pcrypt.METHOD_SHA256`
or `pcrypt.METHOD_SHA512`.
Without specifying salt manually the module will generate a new salt and use
the strongest hash function available.
As a little extra nugget, there's also a handy CLI to quickly generate a hash:
$ pcrypt -h
usage: pcrypt [-h] [-r ROUNDS] [-a {sha256,sha512}] [-s]
Compute a password hash for SHA256/SHA512 in crypt(3)-compatible format.
Password will be prompted for.
optional arguments:
-h, --help show this help message and exit
-r ROUNDS, --rounds ROUNDS
How many rounds of hashing to perform. More rounds are
slower, making it harder to reverse a hash through
brute force. Default: 5000
-a {sha256,sha512}, --algo {sha256,sha512}
Which algorithm to use. Default: sha512
-s, --single-prompt Don't ask to repeat the password
**NB**: You'd probably guess from this being a pure-python implementation of a compute-heavy operation, but I just have to say this explicitly: Do not use this for performance-critical applications! Performance is roughly five orders of magnitude slower than the plain C version.
Change log
==========
[1.0.5] - 2018-01-12
--------------------
### Fixed
- Only print trailing newline in cli when writing to a tty.
[1.0.4] - 2016-02-08
--------------------
### Added
- Passwords can now be piped in to the pcrypt CLI.
[1.0.3] - 2015-12-19
--------------------
Practically first release.
[1.0.5]: https://github.com/thusoy/python-crypt/compare/v1.0.4...v1.0.5
[1.0.4]: https://github.com/thusoy/python-crypt/compare/v1.0.3...v1.0.4
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
pcrypt-1.0.5.tar.gz
(6.0 kB
view details)
File details
Details for the file pcrypt-1.0.5.tar.gz.
File metadata
- Download URL: pcrypt-1.0.5.tar.gz
- Upload date:
- Size: 6.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.12.1 pkginfo/1.5.0.1 requests/2.21.0 setuptools/40.6.3 requests-toolbelt/0.8.0 tqdm/4.29.1 CPython/2.7.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 61f0cb73900aa8bf682f9347bc7f8468dbe9f7fd861ff3be246e2f0c23c18405 |
|
| MD5 | 10f5dc86c68639c4840f8dbdd38366df |
|
| BLAKE2b-256 | 666f26667b2feb5e12561eb31d08be5213ec884610713b583fe67bf75a8807d1 |
