Mihamina Rakotomandimby mihamina@gulfsat.mg :
Now, it's time to move to CRYPT scheme.
Before that, I would like to know how things happen. [...] Am I close enough to reality? Too far?
I read further and saw:
http://php.net/manual/en/function.crypt.php

The standard DES-based crypt() returns the salt as the first two characters of the output. It also only uses the first eight characters of str, so longer strings that start with the same eight characters will generate the same result (when the same salt is used).
[...]

    <?php
    // No salt given: one is generated automatically
    // (PHP 8.0 and later require an explicit salt argument).
    $password = crypt('mypassword');

    // Pass the whole stored hash as the salt and compare in constant time.
    if (hash_equals($password, crypt($user_input, $password))) {
        echo "Password verified!";
    }
    ?>
And also:
http://docs.python.org/library/crypt.html

crypt.crypt(word, salt)
word will usually be a user’s password as typed at a prompt or in a graphical interface. salt is usually a random two-character string which will be used to perturb the DES algorithm in one of 4096 ways. The characters in salt must be in the set [./a-zA-Z0-9]. Returns the hashed password as a string, which will be composed of characters from the same alphabet as the salt (the first two characters represent the salt itself). Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.
[...]

    # Python 3 syntax; the crypt module is available up to Python 3.12.
    import crypt
    import getpass
    import pwd
    from hmac import compare_digest

    def login():
        username = input('Python login:')
        # Field 1 of the passwd entry is the stored (crypted) password.
        cryptedpasswd = pwd.getpwnam(username)[1]
        if cryptedpasswd:
            if cryptedpasswd == 'x' or cryptedpasswd == '*':
                raise NotImplementedError(
                    "Sorry, currently no support for shadow passwords")
            cleartext = getpass.getpass()
            # The full stored hash is passed as the salt; compare in constant time.
            return compare_digest(crypt.crypt(cleartext, cryptedpasswd), cryptedpasswd)
        else:
            return 1
I think it's OK for me, now.
--
IT Architect at Blueline/Gulfsat:
System Administration, Research & Development
+261 3456 000 19
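
Added example (not part of the original message or of the PHP/Python documentation quoted in it): passing the full crypted password as the salt works because crypt() reads only a scheme-dependent prefix of it. The sketch below extracts that prefix for traditional DES and, going beyond the DES case quoted above, for the common $1$/$5$/$6$/$2y$ extensions, then flags DES entries, which only cover the first eight password characters. The function names and the user:hash sample lines are constructed for illustration.

```python
import re

DES_RE = re.compile(r"[./A-Za-z0-9]{13}")      # traditional DES crypt output
MCF_RE = re.compile(r"\$([0-9a-z]+)\$(.+)")    # extensions: $id$...
NAMES = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt"}
BCRYPT_IDS = {"2a", "2b", "2y"}

def crypt_setting(stored):
    """Return (scheme, prefix crypt() consumes as salt) for a stored hash."""
    if DES_RE.fullmatch(stored):
        return "des", stored[:2]               # salt = first two characters
    m = MCF_RE.fullmatch(stored)
    if not m:
        raise ValueError("not a crypt(3) hash: %r" % stored)
    ident, rest = m.groups()
    if ident in BCRYPT_IDS:
        cost, _, tail = rest.partition("$")
        if not cost.isdigit() or len(tail) != 53:   # 22-char salt + 31-char hash
            raise ValueError("malformed bcrypt hash")
        return "bcrypt", "$%s$%s$%s" % (ident, cost, tail[:22])
    if ident in NAMES:
        parts = rest.split("$")
        # The SHA schemes allow an optional rounds=N field before the salt.
        keep = 2 if ident in ("5", "6") and parts[0].startswith("rounds=") else 1
        if len(parts) != keep + 1:
            raise ValueError("malformed %s hash" % NAMES[ident])
        return NAMES[ident], "$%s$%s$" % (ident, "$".join(parts[:keep]))
    raise ValueError("unknown scheme id: %r" % ident)

def des_accounts(lines):
    """Users in user:hash lines whose hash is DES crypt (8-char truncation)."""
    flagged = []
    for line in lines:
        user, _, stored = line.strip().partition(":")
        try:
            scheme, _salt = crypt_setting(stored)
        except ValueError:
            continue                           # 'x', '*', empty: no hash stored here
        if scheme == "des":
            flagged.append(user)
    return flagged

# Constructed sample entries: format-valid strings, not real password hashes.
SAMPLE = [
    "alice:ab0123456789A",
    "bob:$6$rounds=5000$saltsalt$" + "h" * 86,
    "dave:*",
    "erin:$2y$10$" + "s" * 22 + "h" * 31,
]
```

des_accounts(SAMPLE) returns the accounts to migrate to a stronger scheme first.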