How to re-implement the crypt.crypt function?

Roy Smith roy at panix.com
Sat Mar 10 15:41:12 EST 2012

• Previous message (by thread): How to re-implement the crypt.crypt function?
• Next message (by thread): How to re-implement the crypt.crypt function?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

In article <mailman.551.1331411820.3037.python-list at python.org>,
 Christian Heimes <lists at cheimes.de> wrote:
> Am 10.03.2012 21:15, schrieb Roy Smith:
> > By today's standards, the algorithm isn't considered very strong. The 
> > only place I'm aware that uses it is unix password files, and even there 
> > many (most?) systems have replaced it with something stronger such as 
> > SHA1. Maybe Apache .htaccess files?
>> The algorithm with identifier 6 is a SHA-512 crypt algorithm with a
> lengthy salt (IIRC up to 1024 bits) and 40,000 rounds of SHA-512. It's
> the default algorithm on modern Linux machines and believed to be very
> secure.
>> The large salt makes a rainbow table attack impossible and the 40,000
> rounds require a lot of CPU time, even on modern systems.

But is that what crypt.crypt() does? I though it implemented the 
old-style triple-DES.

---

• Previous message (by thread): How to re-implement the crypt.crypt function?
• Next message (by thread): How to re-implement the crypt.crypt function?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the Python-list mailing list