<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="zh_TW">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=Edge" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>36.5. crypt — Function to check Unix passwords — Python 3.7.0 documentation</title>
<link rel="stylesheet" href="../_static/pydoctheme.css" type="text/css" />
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<script type="text/javascript" id="documentation_options" data-url_root="../" src="../_static/documentation_options.js"></script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
<script type="text/javascript" src="../_static/translations.js"></script>
<script type="text/javascript" src="../_static/sidebar.js"></script>
<link rel="search" type="application/opensearchdescription+xml"
title="Search within Python 3.7.0 documentation"
href="../_static/opensearch.xml"/>
<link rel="author" title="About these documents" href="../about.html" />
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
<link rel="copyright" title="Copyright" href="../copyright.html" />
<link rel="next" title="36.6. termios — POSIX style tty control" href="termios.html" />
<link rel="prev" title="36.4. grp — The group database" href="grp.html" />
<link rel="shortcut icon" type="image/png" href="../_static/py.png" />
<link rel="canonical" href="https://docs.python.org/3/library/crypt.html" />
<script type="text/javascript" src="../_static/copybutton.js"></script>
<script type="text/javascript" src="../_static/switchers.js"></script>
</head><body>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body" role="main">
<div class="section" id="module-crypt">
<span id="crypt-function-to-check-unix-passwords"></span><h1>36.5. <a class="reference internal" href="#module-crypt" title="crypt: The crypt() function used to check Unix passwords. (Unix)"><code class="xref py py-mod docutils literal notranslate"><span class="pre">crypt</span></code></a> — Function to check Unix passwords<a class="headerlink" href="#module-crypt" title="Permalink to this headline">¶</a></h1>
<p><strong>Source code:</strong> <a class="reference external" href="https://github.com/python/cpython/tree/3.7/Lib/crypt.py">Lib/crypt.py</a></p>
<hr class="docutils" id="index-0" />
<p>This module implements an interface to the <em class="manpage">crypt(3)</em> routine, which is
a one-way hash function based upon a modified DES algorithm; see the Unix man
page for further details. Possible uses include storing hashed passwords
so you can check passwords without storing the actual password, or attempting
to crack Unix passwords with a dictionary.</p>
<p id="index-1">Notice that the behavior of this module depends on the actual implementation of
the <em class="manpage">crypt(3)</em> routine in the running system. Therefore, any
extensions available on the current implementation will also be available on
this module.</p>
<div class="section" id="hashing-methods">
<h2>36.5.1. Hashing Methods<a class="headerlink" href="#hashing-methods" title="Permalink to this headline">¶</a></h2>
<div class="versionadded">
<p><span class="versionmodified">New in version 3.3.</span></p>
</div>
<p>The <a class="reference internal" href="#module-crypt" title="crypt: The crypt() function used to check Unix passwords. (Unix)"><code class="xref py py-mod docutils literal notranslate"><span class="pre">crypt</span></code></a> module defines the list of hashing methods (not all methods
are available on all platforms):</p>
<dl class="data">
<dt id="crypt.METHOD_SHA512">
<code class="descclassname">crypt.</code><code class="descname">METHOD_SHA512</code><a class="headerlink" href="#crypt.METHOD_SHA512" title="Permalink to this definition">¶</a></dt>
<dd><p>A Modular Crypt Format method with 16 character salt and 86 character
hash based on the SHA-512 hash function. This is the strongest method.</p>
</dd></dl>
<dl class="data">
<dt id="crypt.METHOD_SHA256">
<code class="descclassname">crypt.</code><code class="descname">METHOD_SHA256</code><a class="headerlink" href="#crypt.METHOD_SHA256" title="Permalink to this definition">¶</a></dt>
<dd><p>Another Modular Crypt Format method with 16 character salt and 43
character hash based on the SHA-256 hash function.</p>
</dd></dl>
<dl class="data">
<dt id="crypt.METHOD_BLOWFISH">
<code class="descclassname">crypt.</code><code class="descname">METHOD_BLOWFISH</code><a class="headerlink" href="#crypt.METHOD_BLOWFISH" title="Permalink to this definition">¶</a></dt>
<dd><p>Another Modular Crypt Format method with 22 character salt and 31
character hash based on the Blowfish cipher.</p>
<div class="versionadded">
<p><span class="versionmodified">New in version 3.7.</span></p>
</div>
</dd></dl>
<dl class="data">
<dt id="crypt.METHOD_MD5">
<code class="descclassname">crypt.</code><code class="descname">METHOD_MD5</code><a class="headerlink" href="#crypt.METHOD_MD5" title="Permalink to this definition">¶</a></dt>
<dd><p>Another Modular Crypt Format method with 8 character salt and 22
character hash based on the MD5 hash function.</p>
</dd></dl>
<dl class="data">
<dt id="crypt.METHOD_CRYPT">
<code class="descclassname">crypt.</code><code class="descname">METHOD_CRYPT</code><a class="headerlink" href="#crypt.METHOD_CRYPT" title="Permalink to this definition">¶</a></dt>
<dd><p>The traditional method with a 2 character salt and 13 characters of
hash. This is the weakest method.</p>
</dd></dl>
</div>
<div class="section" id="module-attributes">
<h2>36.5.2. Module Attributes<a class="headerlink" href="#module-attributes" title="Permalink to this headline">¶</a></h2>
<div class="versionadded">
<p><span class="versionmodified">New in version 3.3.</span></p>
</div>
<dl class="attribute">
<dt id="crypt.methods">
<code class="descclassname">crypt.</code><code class="descname">methods</code><a class="headerlink" href="#crypt.methods" title="Permalink to this definition">¶</a></dt>
<dd><p>A list of available password hashing algorithms, as
<code class="docutils literal notranslate"><span class="pre">crypt.METHOD_*</span></code> objects. This list is sorted from strongest to
weakest.</p>
</dd></dl>
</div>
<div class="section" id="module-functions">
<h2>36.5.3. Module Functions<a class="headerlink" href="#module-functions" title="Permalink to this headline">¶</a></h2>
<p>The <a class="reference internal" href="#module-crypt" title="crypt: The crypt() function used to check Unix passwords. (Unix)"><code class="xref py py-mod docutils literal notranslate"><span class="pre">crypt</span></code></a> module defines the following functions:</p>
<dl class="function">
<dt id="crypt.crypt">
<code class="descclassname">crypt.</code><code class="descname">crypt</code><span class="sig-paren">(</span><em>word</em>, <em>salt=None</em><span class="sig-paren">)</span><a class="headerlink" href="#crypt.crypt" title="Permalink to this definition">¶</a></dt>
<dd><p><em>word</em> will usually be a user’s password as typed at a prompt or in a graphical
interface. The optional <em>salt</em> is either a string as returned from
<a class="reference internal" href="#crypt.mksalt" title="crypt.mksalt"><code class="xref py py-func docutils literal notranslate"><span class="pre">mksalt()</span></code></a>, one of the <code class="docutils literal notranslate"><span class="pre">crypt.METHOD_*</span></code> values (though not all
may be available on all platforms), or a full encrypted password
including salt, as returned by this function. If <em>salt</em> is not
provided, the strongest method will be used (as listed in
<a class="reference internal" href="#crypt.methods" title="crypt.methods"><code class="xref py py-func docutils literal notranslate"><span class="pre">methods</span></code></a>).</p>
<p>Checking a password is usually done by passing the plain-text password
as <em>word</em> and the full results of a previous <a class="reference internal" href="#module-crypt" title="crypt: The crypt() function used to check Unix passwords. (Unix)"><code class="xref py py-func docutils literal notranslate"><span class="pre">crypt()</span></code></a> call,
which should be the same as the results of this call.</p>
<p><em>salt</em> is a string (either a random 2 or 16 character string, possibly prefixed with
<code class="docutils literal notranslate"><span class="pre">$digit$</span></code> to indicate the method) which will be used to perturb the
encryption algorithm. The characters in <em>salt</em> must be in the set
<code class="docutils literal notranslate"><span class="pre">[./a-zA-Z0-9]</span></code>, with the exception of Modular Crypt Format which
prefixes a <code class="docutils literal notranslate"><span class="pre">$digit$</span></code>.</p>
<p>Returns the hashed password as a string, which will be composed of
characters from the same alphabet as the salt.</p>
<p id="index-2">Since a few <em class="manpage">crypt(3)</em> extensions allow different values, with
different sizes in the <em>salt</em>, it is recommended to use the full crypted
password as salt when checking for a password.</p>
<div class="versionchanged">
<p><span class="versionmodified">Changed in version 3.3: </span>Accept <code class="docutils literal notranslate"><span class="pre">crypt.METHOD_*</span></code> values in addition to strings for <em>salt</em>.</p>
</div>
</dd></dl>
<dl class="function">
<dt id="crypt.mksalt">
<code class="descclassname">crypt.</code><code class="descname">mksalt</code><span class="sig-paren">(</span><em>method=None</em>, <em>*</em>, <em>rounds=None</em><span class="sig-paren">)</span><a class="headerlink" href="#crypt.mksalt" title="Permalink to this definition">¶</a></dt>
<dd><p>Return a randomly generated salt of the specified method. If no
<em>method</em> is given, the strongest method available, as listed in
<a class="reference internal" href="#crypt.methods" title="crypt.methods"><code class="xref py py-func docutils literal notranslate"><span class="pre">methods</span></code></a>, is used.</p>
<p>The return value is a string suitable for passing as the <em>salt</em> argument
to <a class="reference internal" href="#module-crypt" title="crypt: The crypt() function used to check Unix passwords. (Unix)"><code class="xref py py-func docutils literal notranslate"><span class="pre">crypt()</span></code></a>.</p>
<p><em>rounds</em> specifies the number of rounds for <code class="docutils literal notranslate"><span class="pre">METHOD_SHA256</span></code>,
<code class="docutils literal notranslate"><span class="pre">METHOD_SHA512</span></code> and <code class="docutils literal notranslate"><span class="pre">METHOD_BLOWFISH</span></code>.
For <code class="docutils literal notranslate"><span class="pre">METHOD_SHA256</span></code> and <code class="docutils literal notranslate"><span class="pre">METHOD_SHA512</span></code> it must be an integer between
<code class="docutils literal notranslate"><span class="pre">1000</span></code> and <code class="docutils literal notranslate"><span class="pre">999_999_999</span></code>, the default is <code class="docutils literal notranslate"><span class="pre">5000</span></code>. For
<code class="docutils literal notranslate"><span class="pre">METHOD_BLOWFISH</span></code> it must be a power of two between <code class="docutils literal notranslate"><span class="pre">16</span></code> (2<sup>4</sup>)
and <code class="docutils literal notranslate"><span class="pre">2_147_483_648</span></code> (2<sup>31</sup>), the default is <code class="docutils literal notranslate"><span class="pre">4096</span></code>
(2<sup>12</sup>).</p>
<div class="versionadded">
<p><span class="versionmodified">New in version 3.3.</span></p>
</div>
<div class="versionchanged">
<p><span class="versionmodified">Changed in version 3.7: </span>Added the <em>rounds</em> parameter.</p>
</div>
</dd></dl>
</div>
<div class="section" id="examples">
<h2>36.5.4. Examples<a class="headerlink" href="#examples" title="Permalink to this headline">¶</a></h2>
<p>A simple example illustrating typical use (a constant-time comparison
operation is needed to limit exposure to timing attacks.
<a class="reference internal" href="hmac.html#hmac.compare_digest" title="hmac.compare_digest"><code class="xref py py-func docutils literal notranslate"><span class="pre">hmac.compare_digest()</span></code></a> is suitable for this purpose):</p>
<div class="highlight-python3 notranslate"><div class="highlight"><pre><span></span><span class="kn">import</span> <span class="nn">pwd</span>
<span class="kn">import</span> <span class="nn">crypt</span>
<span class="kn">import</span> <span class="nn">getpass</span>
<span class="kn">from</span> <span class="nn">hmac</span> <span class="k">import</span> <span class="n">compare_digest</span> <span class="k">as</span> <span class="n">compare_hash</span>
<span class="k">def</span> <span class="nf">login</span><span class="p">():</span>
    <span class="n">username</span> <span class="o">=</span> <span class="nb">input</span><span class="p">(</span><span class="s1">'Python login: '</span><span class="p">)</span>
    <span class="n">cryptedpasswd</span> <span class="o">=</span> <span class="n">pwd</span><span class="o">.</span><span class="n">getpwnam</span><span class="p">(</span><span class="n">username</span><span class="p">)[</span><span class="mi">1</span><span class="p">]</span>
    <span class="k">if</span> <span class="n">cryptedpasswd</span><span class="p">:</span>
        <span class="k">if</span> <span class="n">cryptedpasswd</span> <span class="o">==</span> <span class="s1">'x'</span> <span class="ow">or</span> <span class="n">cryptedpasswd</span> <span class="o">==</span> <span class="s1">'*'</span><span class="p">:</span>
            <span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span><span class="s1">'no support for shadow passwords'</span><span class="p">)</span>
        <span class="n">cleartext</span> <span class="o">=</span> <span class="n">getpass</span><span class="o">.</span><span class="n">getpass</span><span class="p">()</span>
        <span class="k">return</span> <span class="n">compare_hash</span><span class="p">(</span><span class="n">crypt</span><span class="o">.</span><span class="n">crypt</span><span class="p">(</span><span class="n">cleartext</span><span class="p">,</span> <span class="n">cryptedpasswd</span><span class="p">),</span> <span class="n">cryptedpasswd</span><span class="p">)</span>
    <span class="k">else</span><span class="p">:</span>
        <span class="k">return</span> <span class="kc">True</span>
</pre></div>
</div>
<p>To generate a hash of a password using the strongest available method and
check it against the original:</p>
<div class="highlight-python3 notranslate"><div class="highlight"><pre><span></span><span class="kn">import</span> <span class="nn">crypt</span>
<span class="kn">from</span> <span class="nn">hmac</span> <span class="k">import</span> <span class="n">compare_digest</span> <span class="k">as</span> <span class="n">compare_hash</span>
<span class="n">plaintext</span> <span class="o">=</span> <span class="s1">'example password'</span>  <span class="c1"># sample input; normally read with getpass.getpass()</span>
<span class="n">hashed</span> <span class="o">=</span> <span class="n">crypt</span><span class="o">.</span><span class="n">crypt</span><span class="p">(</span><span class="n">plaintext</span><span class="p">)</span>
<span class="k">if</span> <span class="ow">not</span> <span class="n">compare_hash</span><span class="p">(</span><span class="n">hashed</span><span class="p">,</span> <span class="n">crypt</span><span class="o">.</span><span class="n">crypt</span><span class="p">(</span><span class="n">plaintext</span><span class="p">,</span> <span class="n">hashed</span><span class="p">)):</span>
    <span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span><span class="s2">"hashed version doesn't validate against original"</span><span class="p">)</span>
</pre></div>
</div>
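<p>An added example, not part of the Python documentation: a parser that splits a stored <code class="docutils literal notranslate"><span class="pre">crypt()</span></code> result into method, rounds, salt and digest using the lengths and default rounds given above, and reports legacy methods, low round counts and truncated digests. The <code class="docutils literal notranslate"><span class="pre">$6$</span></code>, <code class="docutils literal notranslate"><span class="pre">$5$</span></code>, <code class="docutils literal notranslate"><span class="pre">$2b$</span></code>, <code class="docutils literal notranslate"><span class="pre">$1$</span></code> prefixes and the <code class="docutils literal notranslate"><span class="pre">rounds=</span></code> field are the usual <em class="manpage">crypt(3)</em> identifiers and are assumed here (the page only says <code class="docutils literal notranslate"><span class="pre">$digit$</span></code>); the function names and sample strings are constructed for illustration.</p>

```python
import re

A = r"[./A-Za-z0-9]"  # salt/hash alphabet from the crypt() description
SHA = rf"\$(?:rounds=(?P<rounds>\d+)\$)?(?P<salt>{A}{{1,16}})\$(?P<digest>{A}*)"
FORMATS = [
    # (method, digest length from "Hashing Methods", default rounds, pattern)
    ("SHA512", 86, 5000, re.compile(r"\$6" + SHA)),
    ("SHA256", 43, 5000, re.compile(r"\$5" + SHA)),
    ("BLOWFISH", 31, 4096,
     re.compile(rf"\$2[abxy]?\$(?P<cost>\d\d)\$(?P<salt>{A}{{22}})(?P<digest>{A}*)")),
    ("MD5", 22, None, re.compile(rf"\$1\$(?P<salt>{A}{{1,8}})\$(?P<digest>{A}*)")),
    # Traditional method: 13 characters in total, the first 2 being the salt.
    ("CRYPT", 11, None, re.compile(rf"(?P<salt>{A}{{2}})(?P<digest>{A}{{11}})")),
]

def parse_crypt_hash(stored):
    """Split a stored crypt() result into its fields; None if it is not a hash."""
    for method, digest_len, default_rounds, pattern in FORMATS:
        m = pattern.fullmatch(stored)
        if not m:
            continue
        g = m.groupdict()
        if g.get("cost"):            # Blowfish stores log2(rounds)
            rounds = 2 ** int(g["cost"])
        elif g.get("rounds"):        # explicit rounds= field (SHA-256/512)
            rounds = int(g["rounds"])
        else:
            rounds = default_rounds  # None for methods without a rounds setting
        return {"method": method, "rounds": rounds, "salt": g["salt"],
                "digest": g["digest"], "default_rounds": default_rounds,
                "digest_ok": len(g["digest"]) == digest_len}
    return None

def audit(stored):
    """Return findings for one password field; an empty list means nothing to report."""
    info = parse_crypt_hash(stored)
    if info is None:
        return ["not a crypt() hash (locked, shadowed or empty field)"]
    findings = []
    if info["method"] in ("MD5", "CRYPT"):
        findings.append(f"legacy method {info['method']}, weaker than the SHA-2 methods")
    if info["default_rounds"] and info["rounds"] < info["default_rounds"]:
        findings.append(
            f"rounds {info['rounds']} below module default {info['default_rounds']}")
    if not info["digest_ok"]:
        findings.append("digest length does not match the method")
    return findings

# Constructed placeholder fields (correct shape, not real hashes).
SAMPLES = {
    "alice": "$6$rounds=10000$" + "s" * 16 + "$" + "h" * 86,
    "bob": "$6$rounds=1000$" + "s" * 16 + "$" + "h" * 86,
    "carol": "$1$" + "s" * 8 + "$" + "h" * 22,
    "dave": "ab" + "h" * 11,
    "erin": "$2b$12$" + "s" * 22 + "h" * 31,
    "frank": "$5$" + "s" * 16 + "$" + "h" * 40,  # truncated digest
    "grace": "x",                                # shadowed entry
}

if __name__ == "__main__":
    for user, field in SAMPLES.items():
        print(user, audit(field) or "ok")
```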
</div>
</div>
</div>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="footer">
© <a href="../copyright.html">Copyright</a> 2001-2018, Python Software Foundation.
<br />
The Python Software Foundation is a non-profit corporation.
<a href="https://www.python.org/psf/donations/">Please donate.</a>
<br />
Last updated on Aug 22, 2018.
<a href="../bugs.html">Found a bug</a>?
<br />
Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.7.7.
</div>
</body>
</html>