author | Aurelien Campeas <aurelien.campeas@logilab.fr> |
Mon, 01 Oct 2012 12:49:34 +0200 | |
branch | stable |
changeset 8568 | 56d9eb013feb |
parent 8317 | 9c59258e7798 |
child 10609 | e2d8e81bfe68 |
permissions | -rw-r--r-- |
0 | 1 |
# md5crypt.py |
2 |
# |
|
3 |
# 0423.2000 by michal wallace http://www.sabren.com/ |
|
4 |
# based on perl's Crypt::PasswdMD5 by Luis Munoz (lem@cantv.net) |
|
5 |
# based on /usr/src/libcrypt/crypt.c from FreeBSD 2.2.5-RELEASE |
|
6 |
# |
|
7 |
# MANY THANKS TO |
|
8 |
# |
|
9 |
# Carey Evans - http://home.clear.net.nz/pages/c.evans/ |
|
10 |
# Dennis Marti - http://users.starpower.net/marti1/ |
|
11 |
# |
|
12 |
# For the patches that got this thing working! |
|
13 |
# |
|
14 |
# modification by logilab: |
|
15 |
# * remove usage of the string module |
|
16 |
# * don't include the magic string in the output string |
|
17 |
# for true crypt.crypt compatibility |
|
5771
c077df1d0333
[md5script] cleanup
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5770
diff
changeset
|
18 |
# * use hashlib module instead of md5 |
0 | 19 |
######################################################### |
20 |
"""md5crypt.py - Provides interoperable MD5-based crypt() function |
|
21 |
||
22 |
SYNOPSIS |
|
23 |
||
24 |
import md5crypt.py |
|
25 |
||
26 |
cryptedpassword = md5crypt.md5crypt(password, salt); |
|
27 |
||
28 |
DESCRIPTION |
|
29 |
||
30 |
unix_md5_crypt() provides a crypt()-compatible interface to the |
|
31 |
rather new MD5-based crypt() function found in modern operating systems. |
|
32 |
It's based on the implementation found on FreeBSD 2.2.[56]-RELEASE and |
|
33 |
contains the following license in it: |
|
34 |
||
35 |
"THE BEER-WARE LICENSE" (Revision 42): |
|
36 |
<phk@login.dknet.dk> wrote this file. As long as you retain this notice you |
|
37 |
can do whatever you want with this stuff. If we meet some day, and you think |
|
38 |
this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp |
|
39 |
""" |
|
40 |
||
41 |
MAGIC = '$1$' # Magic string |
|
42 |
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" |
|
43 |
||
7879
9aae456abab5
[pylint] fix pylint detected errors and tweak it so that pylint -E will be much less verbose next time (+ update some copyrights on the way)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5771
diff
changeset
|
44 |
from hashlib import md5 # pylint: disable=E0611 |
0 | 45 |
|
46 |
def to64 (v, n): |
|
47 |
ret = '' |
|
48 |
while (n - 1 >= 0): |
|
49 |
n = n - 1 |
|
50 |
ret = ret + ITOA64[v & 0x3f] |
|
51 |
v = v >> 6 |
|
52 |
return ret |
|
53 |
||
8317
9c59258e7798
[security] use a stronger encryption algorythm for password, keeping bw compat
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7879
diff
changeset
|
54 |
def crypt(pw, salt): |
3149
c6a85fafb155
note about licence, fix copyright, fix case of unicode argument
Aurelien Campeas
parents:
2172
diff
changeset
|
55 |
if isinstance(pw, unicode): |
c6a85fafb155
note about licence, fix copyright, fix case of unicode argument
Aurelien Campeas
parents:
2172
diff
changeset
|
56 |
pw = pw.encode('utf-8') |
0 | 57 |
# Take care of the magic string if present |
8317
9c59258e7798
[security] use a stronger encryption algorythm for password, keeping bw compat
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7879
diff
changeset
|
58 |
if salt.startswith(MAGIC): |
9c59258e7798
[security] use a stronger encryption algorythm for password, keeping bw compat
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7879
diff
changeset
|
59 |
salt = salt[len(MAGIC):] |
0 | 60 |
# salt can have up to 8 characters: |
61 |
salt = salt.split('$', 1)[0] |
|
62 |
salt = salt[:8] |
|
8317
9c59258e7798
[security] use a stronger encryption algorythm for password, keeping bw compat
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7879
diff
changeset
|
63 |
ctx = pw + MAGIC + salt |
7879
9aae456abab5
[pylint] fix pylint detected errors and tweak it so that pylint -E will be much less verbose next time (+ update some copyrights on the way)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5771
diff
changeset
|
64 |
final = md5(pw + salt + pw).digest() |
1132 | 65 |
for pl in xrange(len(pw), 0, -16): |
0 | 66 |
if pl > 16: |
67 |
ctx = ctx + final[:16] |
|
68 |
else: |
|
69 |
ctx = ctx + final[:pl] |
|
70 |
# Now the 'weird' xform (??) |
|
71 |
i = len(pw) |
|
72 |
while i: |
|
73 |
if i & 1: |
|
74 |
ctx = ctx + chr(0) #if ($i & 1) { $ctx->add(pack("C", 0)); } |
|
75 |
else: |
|
76 |
ctx = ctx + pw[0] |
|
77 |
i = i >> 1 |
|
7879
9aae456abab5
[pylint] fix pylint detected errors and tweak it so that pylint -E will be much less verbose next time (+ update some copyrights on the way)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5771
diff
changeset
|
78 |
final = md5(ctx).digest() |
0 | 79 |
# The following is supposed to make |
2172
cf8f9180e63e
delete-trailing-whitespace
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
1977
diff
changeset
|
80 |
# things run slower. |
0 | 81 |
# my question: WTF??? |
1132 | 82 |
for i in xrange(1000): |
0 | 83 |
ctx1 = '' |
84 |
if i & 1: |
|
85 |
ctx1 = ctx1 + pw |
|
86 |
else: |
|
87 |
ctx1 = ctx1 + final[:16] |
|
88 |
if i % 3: |
|
89 |
ctx1 = ctx1 + salt |
|
90 |
if i % 7: |
|
91 |
ctx1 = ctx1 + pw |
|
92 |
if i & 1: |
|
93 |
ctx1 = ctx1 + final[:16] |
|
94 |
else: |
|
95 |
ctx1 = ctx1 + pw |
|
7879
9aae456abab5
[pylint] fix pylint detected errors and tweak it so that pylint -E will be much less verbose next time (+ update some copyrights on the way)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5771
diff
changeset
|
96 |
final = md5(ctx1).digest() |
0 | 97 |
# Final xform |
98 |
passwd = '' |
|
99 |
passwd = passwd + to64((int(ord(final[0])) << 16) |
|
100 |
|(int(ord(final[6])) << 8) |
|
101 |
|(int(ord(final[12]))),4) |
|
102 |
passwd = passwd + to64((int(ord(final[1])) << 16) |
|
103 |
|(int(ord(final[7])) << 8) |
|
104 |
|(int(ord(final[13]))), 4) |
|
105 |
passwd = passwd + to64((int(ord(final[2])) << 16) |
|
106 |
|(int(ord(final[8])) << 8) |
|
107 |
|(int(ord(final[14]))), 4) |
|
108 |
passwd = passwd + to64((int(ord(final[3])) << 16) |
|
109 |
|(int(ord(final[9])) << 8) |
|
110 |
|(int(ord(final[15]))), 4) |
|
111 |
passwd = passwd + to64((int(ord(final[4])) << 16) |
|
112 |
|(int(ord(final[10])) << 8) |
|
113 |
|(int(ord(final[5]))), 4) |
|
114 |
passwd = passwd + to64((int(ord(final[11]))), 2) |
|
8317
9c59258e7798
[security] use a stronger encryption algorythm for password, keeping bw compat
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7879
diff
changeset
|
115 |
return passwd |