0 "+ˆl–Ým_JJh¥² ¸È®2ò˜´oÑ ‚tпξ+.. highlightlang:: c .. _abstract: ********************** Abstract Objects Layer ********************** The functions in this chapter interact with Python objects regardless of their type, or with wide classes of object types (e.g. all numerical types, or all sequence types). When used on object types for which they do not apply, they will raise a Python exception. It is not possible to use these functions on objects that are not properly initialized, such as a list object that has been created by :c:func:`PyList_New`, but whose items have not been set to some non-\ ``NULL`` value yet. .. toctree:: object.rst number.rst sequence.rst mapping.rst iter.rst objbuffer.rst -ˆÒÑ ƒŸпÎô- :mod:`crypt` --- Function to check Unix passwords ================================================= .. module:: crypt :platform: Unix :synopsis: The crypt() function used to check Unix passwords. .. moduleauthor:: Steven D. Majewski .. sectionauthor:: Steven D. Majewski .. sectionauthor:: Peter Funk .. index:: single: crypt(3) pair: cipher; DES This module implements an interface to the :manpage:`crypt(3)` routine, which is a one-way hash function based upon a modified DES algorithm; see the Unix man page for further details. Possible uses include allowing Python scripts to accept typed passwords from the user, or attempting to crack Unix passwords with a dictionary. .. index:: single: crypt(3) Notice that the behavior of this module depends on the actual implementation of the :manpage:`crypt(3)` routine in the running system. Therefore, any extensions available on the current implementation will also be available on this module. .. function:: crypt(word, salt) *word* will usually be a user's password as typed at a prompt or in a graphical interface. *salt* is usually a random two-character string which will be used to perturb the DES algorithm in one of 4096 ways. The characters in *salt* must be in the set ``[./a-zA-Z0-9]``. Returns the hashed password as a string, which will be composed of characters from the same alphabet as the salt (the first two characters represent the salt itself). .. index:: single: crypt(3) Since a few :manpage:`crypt(3)` extensions allow different values, with different sizes in the *salt*, it is recommended to use the full crypted password as salt when checking for a password. A simple example illustrating typical use:: import crypt, getpass, pwd def login(): username = raw_input('Python login:') cryptedpasswd = pwd.getpwnam(username)[1] if cryptedpasswd: if cryptedpasswd == 'x' or cryptedpasswd == '*': raise NotImplementedError( "Sorry, currently no support for shadow passwords") cleartext = getpass.getpass() return crypt.crypt(cleartext, cryptedpasswd) == cryptedpasswd else: return 1 "/ˆl–Ãa¾”ªeJu@·pÜlJbÑ¿Ò ƒ ÀÏ/Random number generation ======================== When generating random data for use in cryptographic operations, such as an initialization vector for encryption in :class:`~cryptography.hazmat.primitives.ciphers.modes.CBC` mode, you do not want to use the standard :mod:`random` module APIs. This is because they do not provide a cryptographically secure random number generator, which can result in major security issues depending on the algorithms in use. Therefore, it is our recommendation to `always use your operating system's provided random number generator`_, which is available as :func:`os.urandom`. For example, if you need 16 bytes of random data for an initialization vector, you can obtain them with: .. doctest:: >>> import os >>> iv = os.urandom(16) This will use ``/dev/urandom`` on UNIX platforms, and ``CryptGenRandom`` on Windows. If you need your random number as an integer (for example, for :meth:`~cryptography.x509.Certifica