Blowfish support in crypt python library

Question

I tried to crypt a password using a blowfish hashing algorithm by:

c_word = crypt.crypt(password, insalt)

Actually, insalt including the next format: $hashing_algo$salt$.

For example: here the password is 123456 and the insalt is $2y$04$aaaabbbbccccddddeeee$

According https://www.dcode.fr/crypt-hasing-function that's the right insalt, in contrast to the common format $hashing_algo$salt$hashed$ by https://www.cyberciti.biz/faq/understanding-etcshadow-file/.

After that line I got that value of c_word is *0 for each password and insalt values. How can I solve this problem?

Thanks

Answer 1

I see that you want to hash your own function with your own hash with blowfish algorithm. First according to crypt man page Blowfish number is 2a not 2y. The other problem is that python crypt implementation seems to need a rounds field which according to documentation.

where yyy is the number of hashing rounds actually used. The number of rounds actually used is 1000 if xxx is less than 1000, 999999999 if xxx is greater than 999999999, and is equal to xxx otherwise.

The last thing is the salt length which seems to must be equal to 22 chars same as MD5 which according to ``crypt``` man page seems to range up to 16 chars except for MD5, SHA256, SHA512 which need to be fixed in size of 22, 43, 86 respectivly.

so here is the code after fixing these issues.

import crypt

salt = "$2a$12$qwertyuioplkjhgfdsazxc"
c_word = crypt.crypt("123456", salt)
print(c_word)

This confusion is maybe because of blowfish is not part of glibc crypt function but added by Linux distributions themselves.