use python to create compatible ldap password (md5crypt) on windows

Question

Do you know how to create a ldap compatible password (preferred md5crypt) via python on Windows

I used to write something like this in Linux but the crypt module is not present on Windows

char_set = string.ascii_uppercase + string.digits
salt = ''.join(random.sample(char_set,8))
salt = '$1$' + salt + '$'
pwd = "{CRYPT}" + crypt.crypt(str(old_password),salt)

Answer 1

The Passlib python library contains cross-platform implementations of all the crypt(3) algorithms. In particular, it contains ldap_md5_crypt, which sounds like exactly what you want. Here's how to use it (this code will work on windows or linux):

from passlib.hash import ldap_md5_crypt

#note salt generation is automatically handled
hash = ldap_md5_crypt.encrypt("password")

#hash will be similar to '{CRYPT}$1$wa6OLvW3$uzcIj2Puf3GcFDf2KztQN0'

#to verify a password...
valid = ldap_md5_crypt.verify("password", hash)

---

I should note that while MD5-Crypt is widely supported (Linux, all the BSDs, internally in openssl), it's none-the-less not the strongest hash available really horribly insecure, and should be avoided if at all possible. If you want the strongest hash that's compatible with linux crypt(), SHA512-Crypt is probably the way to go. It adds variable rounds, as well as some other improvements over MD5-Crypt internally.