Porting hashs from php's crypt() to python

3
votes

I was wondering if there is a python cognate to PHP's crypt() function that performs in a similar way, generating a random salt and embedding it within the saved string.

I have a table of hashed passwords that were created using the $5$ string key to setup a SHA256 based salted cryptogram. These hashes had some additional recorded entropy attached to both ends at a fixed interval, but splitting these characters off the string and getting the core hash is trivial and not a problem at all.

I've looked at the python documentation and can't find any methods in hashlib that seem to utilize the same syntax from php's crypt(). Is the approach utilized in PHP (the input format split with dollar signs between salt, algo and rounds) unique to the language?

Thanks.

EDIT:

It looks as though the revised version of python's own native crypt function is going to utilize procedures similar to that of PHP. From the 3.3 pre-release documentation:

http://docs.python.org/dev/library/crypt.html

EDIT:

Finally found Passlib, a library that provides this functionality in pure python.

http://packages.python.org/passlib/index.html

2
phppythoncrypthashlib
passlib doesn't allow you to put your own salt.Jürgen Paul

2 Answers

1
votes

It certainly looks very similar to FreeBSD's crypt (see "modular crypt" in the manpage). I don't really recall if it's the same way in Linux or other but this seems to indicate it's not unique.

There's no direct equivalent in Python as far as I know, but it shouldn't be too hard to roll your own since the encryption algorithms themselves should be supported in hashlib.

2
votes

I realize that this question is old, however I found it while I was trying to implement a login algorithm in Python that was originally written in PHP. The crypt function in PHP uses any of a handful of somewhat insecure DES algorithms, including bcrypt. It depends on what you hash your string with. Passlib is pretty much your best bet for replicating the functionality your application is currently getting from PHP crypt. Take one of your hashed passwords, and look at the front of the string. You should see something like $2a$, $3$, $6$ (or similar). Note that if this string does not exist, you are more than likely using standard DES hashing.

Take that info to this link:

http://pythonhosted.org/passlib/modular_crypt_format.html#mcf-identifiers

Then, match it up to the algorithm you need to implement in Python. The Scheme identifiers are links to the passlib documentation regarding that hashing algorithm. At this point, you should have all the info you need to complete your reimplementation.