author | Rémi Cardona <remi.cardona@logilab.fr> |
Tue, 15 Sep 2015 16:56:57 +0200 | |
changeset 10609 | e2d8e81bfe68 |
parent 8317 | 9c59258e7798 |
child 10775 | 4b3c1069bd4e |
permissions | -rw-r--r-- |
0 | 1 |
# md5crypt.py |
2 |
# |
|
3 |
# 0423.2000 by michal wallace http://www.sabren.com/ |
|
4 |
# based on perl's Crypt::PasswdMD5 by Luis Munoz (lem@cantv.net) |
|
5 |
# based on /usr/src/libcrypt/crypt.c from FreeBSD 2.2.5-RELEASE |
|
6 |
# |
|
7 |
# MANY THANKS TO |
|
8 |
# |
|
9 |
# Carey Evans - http://home.clear.net.nz/pages/c.evans/ |
|
10 |
# Dennis Marti - http://users.starpower.net/marti1/ |
|
11 |
# |
|
12 |
# For the patches that got this thing working! |
|
13 |
# |
|
14 |
# modification by logilab: |
|
15 |
# * remove usage of the string module |
|
16 |
# * don't include the magic string in the output string |
|
17 |
# for true crypt.crypt compatibility |
|
5771
c077df1d0333
[md5script] cleanup
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5770
diff
changeset
|
18 |
# * use hashlib module instead of md5 |
0 | 19 |
######################################################### |
20 |
"""md5crypt.py - Provides interoperable MD5-based crypt() function |
|
21 |
||
22 |
SYNOPSIS |
|
23 |
||
24 |
import md5crypt.py |
|
25 |
||
26 |
cryptedpassword = md5crypt.md5crypt(password, salt); |
|
27 |
||
28 |
DESCRIPTION |
|
29 |
||
30 |
unix_md5_crypt() provides a crypt()-compatible interface to the |
|
31 |
rather new MD5-based crypt() function found in modern operating systems. |
|
32 |
It's based on the implementation found on FreeBSD 2.2.[56]-RELEASE and |
|
33 |
contains the following license in it: |
|
34 |
||
35 |
"THE BEER-WARE LICENSE" (Revision 42): |
|
36 |
<phk@login.dknet.dk> wrote this file. As long as you retain this notice you |
|
37 |
can do whatever you want with this stuff. If we meet some day, and you think |
|
38 |
this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp |
|
39 |
""" |
|
40 |
||
41 |
MAGIC = '$1$' # Magic string |
|
42 |
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" |
|
43 |
||
7879
9aae456abab5
[pylint] fix pylint detected errors and tweak it so that pylint -E will be much less verbose next time (+ update some copyrights on the way)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5771
diff
changeset
|
44 |
from hashlib import md5 # pylint: disable=E0611 |
0 | 45 |
|
10609
e2d8e81bfe68
[py3k] import range using six.moves
Rémi Cardona <remi.cardona@logilab.fr>
parents:
8317
diff
changeset
|
46 |
from six.moves import range |
e2d8e81bfe68
[py3k] import range using six.moves
Rémi Cardona <remi.cardona@logilab.fr>
parents:
8317
diff
changeset
|
47 |
|
e2d8e81bfe68
[py3k] import range using six.moves
Rémi Cardona <remi.cardona@logilab.fr>
parents:
8317
diff
changeset
|
48 |
|
0 | 49 |
def to64 (v, n): |
50 |
ret = '' |
|
51 |
while (n - 1 >= 0): |
|
52 |
n = n - 1 |
|
53 |
ret = ret + ITOA64[v & 0x3f] |
|
54 |
v = v >> 6 |
|
55 |
return ret |
|
56 |
||
8317
9c59258e7798
[security] use a stronger encryption algorythm for password, keeping bw compat
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7879
diff
changeset
|
57 |
def crypt(pw, salt): |
3149
c6a85fafb155
note about licence, fix copyright, fix case of unicode argument
Aurelien Campeas
parents:
2172
diff
changeset
|
58 |
if isinstance(pw, unicode): |
c6a85fafb155
note about licence, fix copyright, fix case of unicode argument
Aurelien Campeas
parents:
2172
diff
changeset
|
59 |
pw = pw.encode('utf-8') |
0 | 60 |
# Take care of the magic string if present |
8317
9c59258e7798
[security] use a stronger encryption algorythm for password, keeping bw compat
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7879
diff
changeset
|
61 |
if salt.startswith(MAGIC): |
9c59258e7798
[security] use a stronger encryption algorythm for password, keeping bw compat
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7879
diff
changeset
|
62 |
salt = salt[len(MAGIC):] |
0 | 63 |
# salt can have up to 8 characters: |
64 |
salt = salt.split('$', 1)[0] |
|
65 |
salt = salt[:8] |
|
8317
9c59258e7798
[security] use a stronger encryption algorythm for password, keeping bw compat
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7879
diff
changeset
|
66 |
ctx = pw + MAGIC + salt |
7879
9aae456abab5
[pylint] fix pylint detected errors and tweak it so that pylint -E will be much less verbose next time (+ update some copyrights on the way)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5771
diff
changeset
|
67 |
final = md5(pw + salt + pw).digest() |
10609
e2d8e81bfe68
[py3k] import range using six.moves
Rémi Cardona <remi.cardona@logilab.fr>
parents:
8317
diff
changeset
|
68 |
for pl in range(len(pw), 0, -16): |
0 | 69 |
if pl > 16: |
70 |
ctx = ctx + final[:16] |
|
71 |
else: |
|
72 |
ctx = ctx + final[:pl] |
|
73 |
# Now the 'weird' xform (??) |
|
74 |
i = len(pw) |
|
75 |
while i: |
|
76 |
if i & 1: |
|
77 |
ctx = ctx + chr(0) #if ($i & 1) { $ctx->add(pack("C", 0)); } |
|
78 |
else: |
|
79 |
ctx = ctx + pw[0] |
|
80 |
i = i >> 1 |
|
7879
9aae456abab5
[pylint] fix pylint detected errors and tweak it so that pylint -E will be much less verbose next time (+ update some copyrights on the way)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5771
diff
changeset
|
81 |
final = md5(ctx).digest() |
0 | 82 |
# The following is supposed to make |
2172
cf8f9180e63e
delete-trailing-whitespace
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
1977
diff
changeset
|
83 |
# things run slower. |
0 | 84 |
# my question: WTF??? |
10609
e2d8e81bfe68
[py3k] import range using six.moves
Rémi Cardona <remi.cardona@logilab.fr>
parents:
8317
diff
changeset
|
85 |
for i in range(1000): |
0 | 86 |
ctx1 = '' |
87 |
if i & 1: |
|
88 |
ctx1 = ctx1 + pw |
|
89 |
else: |
|
90 |
ctx1 = ctx1 + final[:16] |
|
91 |
if i % 3: |
|
92 |
ctx1 = ctx1 + salt |
|
93 |
if i % 7: |
|
94 |
ctx1 = ctx1 + pw |
|
95 |
if i & 1: |
|
96 |
ctx1 = ctx1 + final[:16] |
|
97 |
else: |
|
98 |
ctx1 = ctx1 + pw |
|
7879
9aae456abab5
[pylint] fix pylint detected errors and tweak it so that pylint -E will be much less verbose next time (+ update some copyrights on the way)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5771
diff
changeset
|
99 |
final = md5(ctx1).digest() |
0 | 100 |
# Final xform |
101 |
passwd = '' |
|
102 |
passwd = passwd + to64((int(ord(final[0])) << 16) |
|
103 |
|(int(ord(final[6])) << 8) |
|
104 |
|(int(ord(final[12]))),4) |
|
105 |
passwd = passwd + to64((int(ord(final[1])) << 16) |
|
106 |
|(int(ord(final[7])) << 8) |
|
107 |
|(int(ord(final[13]))), 4) |
|
108 |
passwd = passwd + to64((int(ord(final[2])) << 16) |
|
109 |
|(int(ord(final[8])) << 8) |
|
110 |
|(int(ord(final[14]))), 4) |
|
111 |
passwd = passwd + to64((int(ord(final[3])) << 16) |
|
112 |
|(int(ord(final[9])) << 8) |
|
113 |
|(int(ord(final[15]))), 4) |
|
114 |
passwd = passwd + to64((int(ord(final[4])) << 16) |
|
115 |
|(int(ord(final[10])) << 8) |
|
116 |
|(int(ord(final[5]))), 4) |
|
117 |
passwd = passwd + to64((int(ord(final[11]))), 2) |
|
8317
9c59258e7798
[security] use a stronger encryption algorythm for password, keeping bw compat
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7879
diff
changeset
|
118 |
return passwd |