3

I have code that outputs all possible combinations of characters from a given character list as follows:

def charList():
    charSet = string.ascii_letters + string.digits
    for wordchars in product(charSet, repeat=8):
        print(''.join(wordchars))

Now I need to turn the output strings into a DES hash then compare the output to user input to see if any matches are found.

Have been doing some research and haven't made much progress. So wondering if anyone on here could help?

Improve this question
1
  • 5
    DES is a block cipher, not a hash function. In other words, you don't hash stuff with DES, you encrypt it. While there are ways to construct hash functions from block ciphers, you'll have to specify which one you mean (and I doubt this is what you meant in the first place). Commented Nov 14, 2012 at 17:43

3 Answers 3

Reset to default
2

If you want to hash strings (and not encrypt them), you can use the built-in hashlib module:

>>> import hashlib
>>> m = hashlib.md5()
>>> m.update("Nobody inspects")
>>> m.update(" the spammish repetition")
>>> m.digest()
'\xbbd\x9c\x83\xdd\x1e\xa5\xc9\xd9\xde\xc9\xa1\x8d\xf0\xff\xe9'

EDIT: as said in the comments, prefer hashlib.sha256() which is far more secured today.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Though md5 is a pretty horrible choice this day and age, except for checksums (and even there, SHA-* are getting more popular).
Ok, good to know that, thanks. Can you please explain more in details ?
MD5 has a comparatively small output size and numerous attacks against it exist (and chances are more will be discovered). Depending on your use case, the value of generating a collision, and the resources of the attackers, it can be a serious problem. For example, the Flame malware exploited an MD5 collision to abuse a Microsoft certificate. That, coupled with the existence of far better cryptographic hashing algorithms (for example, SHA-2), means one probably shouldn't be using MD5 at all any more.
1

Quick search for DES and Python gave me these libraries:

Improve this answer

Comments

1

http://docs.python.org/2/library/crypt.html

Platforms: Unix

This module implements an interface to the crypt(3) routine, which is a one-way hash function based upon a modified DES algorithm; see the Unix man page for further details. Possible uses include allowing Python scripts to accept typed passwords from the user, or attempting to crack Unix passwords with a dictionary.

Notice that the behavior of this module depends on the actual implementation of the crypt(3) routine in the running system. Therefore, any extensions available on the current implementation will also be available on this module

crypt.crypt(word, salt)

word will usually be a user’s password as typed at a prompt or in a graphical interface. salt is usually a random two-character string which will be used to perturb the DES algorithm in one of 4096 ways. The characters in salt must be in the set [./a-zA-Z0-9]. Returns the hashed password as a string, which will be composed of characters from the same alphabet as the salt (the first two characters represent the salt itself).

Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.

A simple example illustrating typical use:

import crypt, getpass, pwd 
def login():
        username = raw_input('Python login:')
        cryptedpasswd = pwd.getpwnam(username)[1]
        if cryptedpasswd:
            if cryptedpasswd == 'x' or cryptedpasswd == '*':
                raise NotImplementedError(
                    "Sorry, currently no support for shadow passwords")
            cleartext = getpass.getpass()
            return crypt.crypt(cleartext, cryptedpasswd) == cryptedpasswd
        else:
            return 1
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.