Subject: Password Hash Validation (Posting On Python-List Prohibited)
From: ldo (at) *nospam* nz.invalid (Lawrence D'Oliveiro)
Newsgroups: comp.lang.python
Date: 19. Jun 2024, 09:36:20
Organization: A noiseless patient Spider
Message-ID: <v4u1pk$1rq9m$3@dont-email.me>
User-Agent: Pan/0.158 (Avdiivka; )

I am writing code to validate entered user passwords against hashes
served up from /etc/shadow via LDAP. I had previously used passlib
<https://passlib.readthedocs.io> to do the hashing. But now I discover
it is not keeping up; for example, Debian and other distros are now
using yescrypt (hashes with “$y$” prefix), but passlib has no support
for that.

However, one language that does seem able to keep up to date is Perl.
So here’s my current password validation function:

    import subprocess

    def validate_password(password, hash) :
        "hashes password using the algorithm and salt prefix from hash, and" \
        " returns whether the result matches hash."
        # password and hash are passed to Perl in the environment, not on
        # the command line.
        outhash = subprocess.check_output \
          (
            args = ("perl", "-e", "print crypt($ENV{\"PW\"}, $ENV{\"HASH\"});"),
            env = {"PW" : password, "HASH" : hash},
            text = True
          ).strip()
        return \
            outhash == hash
    #end validate_password
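
Added example, not part of the original post: the same Perl crypt() approach with the checks a verifier for /etc/shadow fields usually needs (locked or empty fields refused, crypt() failure treated as a mismatch, constant-time comparison). The names scheme_of, perl_crypt and crypt_fn, the partial prefix allow-list and the 10 second timeout are assumptions of this example.

```python
import hmac
import subprocess

# Assumed allow-list: a subset of the prefixes documented in crypt(5).
SCHEMES = {"$y$": "yescrypt", "$6$": "sha512crypt", "$5$": "sha256crypt",
           "$2b$": "bcrypt", "$1$": "md5crypt"}

def scheme_of(stored):
    "returns the scheme name for a shadow hash field, or None if it is not usable."
    # "", "*", "!", "!!" and "!<hash>" mean no password, no login or a locked account.
    if not stored or stored[0] in "!*":
        return None
    for prefix, name in SCHEMES.items():
        if stored.startswith(prefix):
            return name
    return None

def perl_crypt(password, stored):
    "runs Perl's crypt() as in the post; secrets go through the environment, not argv."
    result = subprocess.run(
        ("perl", "-e", 'print crypt($ENV{"PW"}, $ENV{"HASH"}) // "";'),
        env={"PW": password, "HASH": stored},
        capture_output=True, text=True, timeout=10)
    return result.stdout if result.returncode == 0 else ""

def validate_password(password, stored, crypt_fn=perl_crypt):
    "returns True only if stored is a recognised hash and crypt() reproduces it."
    if scheme_of(stored) is None:
        return False
    try:
        computed = crypt_fn(password, stored)
    except (OSError, ValueError, subprocess.SubprocessError):
        return False  # fail closed: perl missing, NUL in password, or timeout
    # crypt() reports an unsupported scheme as undef or a "*0"/"*1" failure token.
    if not computed or computed.startswith("*"):
        return False
    return hmac.compare_digest(computed.encode(), stored.encode())
```

The crypt_fn parameter exists so the decision logic can be exercised without perl or a yescrypt-capable libcrypt on the test machine.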