Friday, 20 February 2004

Python fcrypt

I’ve written a pure Python implementation of the Unix crypt(3) algorithm, and packaged it with Distutils and with doc strings for pydoc and doctest. It’s based on Eric A. Young’s optimised fcrypt code, which was written in C.

Download the most recent version:

There are some known problems with this software:

  • The bitwise arithmetic relies on the specific behaviour of Python 2.2 and earlier when overflowing an integer on 32-bit architectures. Python 2.3 works the same but generates a very large number of warnings. Python 2.4 converts many of the intermediate results from the int to the long type, which still works, but is a bit slower.

    Since I don’t really understand how the original algorithm and C code work, fixing this is quite difficult for me.

  • If you try to use MD5-crypted passwords, which use a salt beginning with $1$, the current version takes $1 as the salt and applies the DES crypt algorithm.

In view of the preceding points, and the low security provided by the DES-based password hashing algorithm, I recommend that you use Michal Wallace’s md5crypt unless you really need compatibility with other software using the same algorithm. In a future version, I may try to provide MD5-based hashing in addition to the current algorithm.
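The second known problem can be caught before the hash ever reaches a DES-only crypt. The following is an added example, not part of fcrypt or of the original post: it checks the stored hash format and refuses anything that is not a traditional 13-character DES crypt hash, rather than silently using the first two characters as the salt. The function names and the sample values are assumptions made for illustration.

```python
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars, all from [./0-9A-Za-z].
_DES_HASH = re.compile(r"\A([./0-9A-Za-z]{2})[./0-9A-Za-z]{11}\Z")
# MD5-crypt in modular crypt format: $1$<salt, up to 8 chars>$<22-char hash>.
_MD5_HASH = re.compile(r"\A\$1\$([./0-9A-Za-z]{0,8})\$[./0-9A-Za-z]{22}\Z")


class UnsupportedHashError(ValueError):
    """The stored hash is not a traditional DES crypt(3) hash."""


def classify(stored):
    """Return 'des', 'md5' or 'unknown' for a stored password hash."""
    if _DES_HASH.match(stored):
        return "des"
    if _MD5_HASH.match(stored):
        return "md5"
    return "unknown"


def naive_salt(stored):
    """What a DES-only routine effectively does: take the first two characters."""
    return stored[:2]


def des_salt(stored):
    """Return the 2-char DES salt, or raise instead of truncating '$1$...' to '$1'."""
    match = _DES_HASH.match(stored)
    if match is None:
        raise UnsupportedHashError(
            "not a DES crypt hash (detected scheme: %s)" % classify(stored))
    return match.group(1)


# Constructed sample values in the right shape (not real password hashes).
SAMPLE_DES = "ab" + "A" * 11
SAMPLE_MD5 = "$1$saltsalt$" + "B" * 22

if __name__ == "__main__":
    for sample in (SAMPLE_DES, SAMPLE_MD5):
        print("%-36s scheme=%-4s naive salt=%r"
              % (sample, classify(sample), naive_salt(sample)))
```

Calling `des_salt()` on the stored hash before handing it to a DES-only crypt turns the silent fallback into an explicit error that the caller can route to an MD5-crypt implementation.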

If you’re still on Python 2.3 and you’d like to just get rid of the warnings, you have two options. You could add a command line option when you start Python:

    python2.3 -Wignore::FutureWarning:fcrypt ...

Or you could include extra code before importing the module:

    import warnings
    warnings.filterwarnings('ignore', '', FutureWarning, 'fcrypt$', 0)