In article <mailman.551.1331411820.3037.python-l...@python.org>, Christian Heimes <li...@cheimes.de> wrote:
> Am 10.03.2012 21:15, schrieb Roy Smith: > > By today's standards, the algorithm isn't considered very strong. The > > only place I'm aware that uses it is unix password files, and even there > > many (most?) systems have replaced it with something stronger such as > > SHA1. Maybe Apache .htaccess files? > > The algorithm with identifier 6 is a SHA-512 crypt algorithm with a > lengthy salt (IIRC up to 1024 bits) and 40,000 rounds of SHA-512. It's > the default algorithm on modern Linux machines and believed to be very > secure. > > The large salt makes a rainbow table attack impossible and the 40,000 > rounds require a lot of CPU time, even on modern systems. But is that what crypt.crypt() does? I though it implemented the old-style triple-DES. -- http://mail.python.org/mailman/listinfo/python-list
