Use python to create compatible ldap password (md5crypt) in windows

Do you know how to create an LDAP-compatible password (preferably md5crypt) via Python on Windows?

I am writing something like this on Linux, but the crypt module is missing on Windows:

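    import crypt
    import random
    import string

    # old_password holds the plaintext and is defined elsewhere
    char_set = string.ascii_uppercase + string.digits
    salt = ''.join(random.sample(char_set, 8))
    salt = '$1$' + salt + '$'
    pwd = "{CRYPT}" + crypt.crypt(str(old_password), salt)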
+3
4 answers

The Passlib Python library contains cross-platform implementations of all the crypt(3) algorithms. In particular, it contains ldap_md5_crypt, which sounds like exactly what you want. Here's how to use it (this code will work on Windows or Linux):

    from passlib.hash import ldap_md5_crypt

    # note: salt generation is handled automatically
    # (passlib 1.7+ calls this method hash(); encrypt() is the older name)
    hash = ldap_md5_crypt.encrypt("password")

    # hash will be similar to '{CRYPT}$1$wa6OLvW3$uzcIj2Puf3GcFDf2KztQN0'

    # to verify a password...
    valid = ldap_md5_crypt.verify("password", hash)

I should note that although MD5-Crypt is widely supported (Linux, all BSDs, internally in openssl), it is not the strongest hash available; it is actually terribly unsafe and should be avoided if at all possible. If you need the strongest Linux crypt()-compatible hash, SHA512-Crypt is probably for you. It adds variable rounds, as well as some other improvements over MD5-Crypt.

+3

From here: http://www.openldap.org/faq/data/cache/347.html

One of the options for generating a SHA hash can be:

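    import hashlib  # replaces the old `sha` module, which Python 3 removed
    from base64 import b64encode

    # {SHA} is an unsalted SHA-1 digest, base64-encoded
    ctx = hashlib.sha1(b"your_password")
    hash = "{SHA}" + b64encode(ctx.digest()).decode("ascii")
    print(hash)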

This code is for Python.

    # python my_sha.py
    {SHA}Vk40DNSEN9Lf6HbuFUzJncTQ0Tc=

I (and not just me) do not recommend using MD5 anymore.

PS. Follow the link; you can try several options for Windows.

+3

You want to use fcrypt, which is a pure Python implementation of the Unix crypt module. This is a bit slower than crypt, but has the same functionality.

+1

Disclaimer: I know Google, not cryptography.

From the crypt docs:

This module implements an interface to the crypt(3) routine, which is a one-way hash function based on a modified DES algorithm; see the Unix man page for more information. Possible uses include allowing Python scripts to accept typed passwords from a user, or attempting to crack Unix passwords with a dictionary.

You can look at md5crypt.py. Alternatively, crypt for Windows is part of GnuWin32. Here is part of the Unix man page; the Windows interface should be similar.

CRYPT(3)    Linux Programmer's Manual    CRYPT(3)

NAME

crypt, crypt_r - password and data encryption

SYNOPSIS

    #define _XOPEN_SOURCE
    #include <unistd.h>

    char *crypt(const char *key, const char *salt);

    char *crypt_r(const char *key, const char *salt,
                  struct crypt_data *data);

Link with -lcrypt.

DESCRIPTION

crypt() is the password encryption function. It is based on the Data Encryption Standard algorithm with variations intended (among other things) to discourage the use of hardware implementations of a key search.

key is the password entered by the user.

salt is a two-character string chosen from the set [a-zA-Z0-9./]. This string is used to perturb the algorithm in one of 4096 different ways.

By taking the lowest 7 bits of each of the first eight characters of the key, a 56-bit key is obtained. This 56-bit key is used to encrypt repeatedly a constant string (usually a string consisting of all zeros). The returned value points to the encrypted password, a series of 13 printable ASCII characters (the first two characters represent the salt itself). The return value points to static data whose content is overwritten by each call.

Note: The key space consists of 2**56, equal to 7.2e16, possible values. Exhaustive searches of this key space are possible using massively parallel computers. Software such as crack(1) is available which will search the portion of this key space that people usually use for passwords. Therefore, password selection should, at a minimum, avoid common words and names. The use of a passwd(1) program that checks for crackable passwords during the selection process is recommended.

The DES algorithm itself has several quirks that make using the crypt() interface a very poor choice for anything but password authentication. If you plan to use the crypt() interface for a cryptography project, do not do it: get a good book on encryption and one of the widely available DES libraries.

0
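Added example (not from any of the answers, and not code from Passlib, fcrypt or md5crypt.py): the `$1$` MD5-crypt scheme written with only `hashlib`, so it runs on Windows without the `crypt` module. The function names are this example's own, and the salt is drawn with `secrets` over the full crypt alphabet instead of `random.sample` as in the question.

```python
import hashlib
import hmac
import secrets

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _to64(value, length):
    """Encode `length` 6-bit groups of `value`, least significant group first."""
    return "".join(ITOA64[(value >> 6 * k) & 0x3F] for k in range(length))

def md5_crypt(password, salt=None):
    """Return '$1$salt$hash'; a fresh 8-character salt is drawn when none is given."""
    if salt is None:
        salt = "".join(secrets.choice(ITOA64) for _ in range(8))  # CSPRNG, 64 symbols
    pw, s = password.encode("utf-8"), salt[:8].encode("utf-8")
    alt = hashlib.md5(pw + s + pw).digest()
    ctx = hashlib.md5(pw + b"$1$" + s)
    for remaining in range(len(pw), 0, -16):     # one alt byte per password byte
        ctx.update(alt[:min(16, remaining)])
    i = len(pw)
    while i:                                     # mix in bits of the password length
        ctx.update(b"\x00" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for rnd in range(1000):                      # fixed cost: it cannot be raised
        ctx = hashlib.md5(pw if rnd & 1 else final)
        if rnd % 3:
            ctx.update(s)
        if rnd % 7:
            ctx.update(pw)
        ctx.update(final if rnd & 1 else pw)
        final = ctx.digest()
    order = ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))
    body = "".join(_to64(final[a] << 16 | final[b] << 8 | final[c], 4)
                   for a, b, c in order)
    return "$1$" + s.decode("utf-8") + "$" + body + _to64(final[11], 2)

def ldap_md5_crypt(password, salt=None):
    return "{CRYPT}" + md5_crypt(password, salt)  # value for userPassword

def ldap_verify(password, stored):
    """Recompute with the salt embedded in `stored`; compare in constant time."""
    if not stored.startswith("{CRYPT}$1$"):
        return False
    salt = stored.split("$")[2]
    candidate = ldap_md5_crypt(password, salt)
    return hmac.compare_digest(candidate.encode("utf-8"), stored.encode("utf-8"))
```

The output can be cross-checked against `openssl passwd -1 -salt <salt> <password>`. The 1000-round loop is hard-coded in the scheme, which is why the first answer points to SHA512-Crypt and its variable rounds.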
