authorEli Collins <elic@assurancetechnologies.com>2011-01-25 03:24:54 +0000
committerEli Collins <elic@assurancetechnologies.com>2011-01-25 03:24:54 +0000
commit90dff2186467ba062dba3f002f7a2c57ddc0f99b (patch)
tree43cdffda740270cd3c1ebcca7cb08ba7c5b8f029
parent3faafef84c2c122ae05bd71db1de9ad87c48bf23 (diff)
md5-crypt now uses stdlib backend if available
-rw-r--r--docs/notes.txt3
-rw-r--r--passlib/unix/md5_crypt.py43
-rw-r--r--passlib/utils/des.py2
3 files changed, 38 insertions, 10 deletions
diff --git a/docs/notes.txt b/docs/notes.txt
index 2c14955..8c9b28a 100644
--- a/docs/notes.txt
+++ b/docs/notes.txt
@@ -233,7 +233,8 @@ offset 169-216 ( 48 chars) - salted sha1 hash - unhex first 8 chars + password |
policy file format
[passlib.policy]
-des-crypt:decpreated = true
+default = sha512-crypt
+deprecate = des-crypt
sha512-crypt:default-rounds = 40000
sha512-crypt:min-rounds = 30000
sha512-crypt:max-rounds = 50000
diff --git a/passlib/unix/md5_crypt.py b/passlib/unix/md5_crypt.py
index f3ce4ed..f44af6b 100644
--- a/passlib/unix/md5_crypt.py
+++ b/passlib/unix/md5_crypt.py
@@ -1,6 +1,4 @@
"""passlib - implementation of various password hashing functions
-
-http://unix.derkeiler.com/Newsgroups/comp.unix.solaris/2004-04/0199.html
"""
#=========================================================
#imports
@@ -24,7 +22,7 @@ __all__ = [
]
#=========================================================
-#backend
+#default backend
#=========================================================
def raw_md5_crypt(secret, salt, apr=False):
"perform raw md5 encryption"
@@ -118,6 +116,29 @@ def raw_md5_crypt(secret, salt, apr=False):
return out
#=========================================================
+#choose backend
+#=========================================================
+
+#NOTE: AprMd5Crypt will always use builtin backend
+
+#fallback to default backend (defined above)
+backend = "builtin"
+
+#check if stdlib crypt is available, and if so, if OS supports $1$
+#XXX: is this test expensive enough it should be delayed
+#until md5-crypt is requested?
+
+try:
+ from crypt import crypt
+except ImportError:
+ crypt = None
+else:
+ if crypt("test", "$1$test") == '$1$test$pi/xDtU5WFVRqYS6BMU8X/':
+ backend = "stdlib"
+ else:
+ crypt = None
+
+#=========================================================
#id 1 -- md5
#=========================================================
class Md5Crypt(ExtCryptHandler):
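Review bot: The comment `#NOTE: AprMd5Crypt will always use builtin backend` is not backed by anything in this hunk: the probe leaves a module-level `crypt` that `Md5Crypt.encrypt` (later hunk) tests with a bare `if crypt:`, and `AprMd5Crypt` subclasses `Md5Crypt`. Unless AprMd5Crypt overrides encrypt and verify outside the visible lines, the Apache variant would pass its own config string to the OS routine, which was only probed for `$1$`. Making the guard explicit, e.g. `if crypt and cls is Md5Crypt:`, would make the note true by construction. Separately, `backend` and `crypt` carry the same decision in two variables; dispatching on one of them avoids drift.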
@@ -189,15 +210,21 @@ class Md5Crypt(ExtCryptHandler):
def encrypt(cls, secret, salt=None):
"encrypt an md5-crypt hash"
salt = cls._norm_salt(salt)
- checksum = cls._raw_encrypt(secret, salt)
- return cls.render(salt=salt, checksum=checksum)
+ if crypt:
+ #use system implementation
+ config = cls.render(salt)
+ if isinstance(secret, unicode):
+ secret = secret.encode("utf-8")
+ return crypt(secret, config)
+ else:
+ checksum = cls._raw_encrypt(secret, salt)
+ return cls.render(salt=salt, checksum=checksum)
@classmethod
def verify(cls, secret, hash):
"verify an md5-crypt hash"
info = cls.parse(hash)
- checksum = cls._raw_encrypt(secret, info['salt'])
- return checksum == info['checksum']
+ return hash == cls.encrypt(secret, info['salt'])
#=========================================================
#eoc
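Review bot: In encrypt, `return crypt(secret, config)` hands the OS result straight back to the caller, and verify now reduces to `hash == cls.encrypt(secret, info['salt'])`, so both depend on a value that is never checked. The import-time probe covers a single ASCII vector; if the platform routine returns None or a string that does not start with the requested config for some other input, encrypt yields a non-hash and verify quietly returns False. Checking before returning, e.g. `result = crypt(secret, config)` followed by `if not result or not result.startswith(config): raise ValueError("crypt() failed")`, keeps the failure visible. verify also now compares the whole string rather than the parsed checksum, so any hash that parse accepts but render would format differently will no longer verify; that is inferred, since parse and render are outside the hunk. The class body starts and continues outside this hunk.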
@@ -209,7 +236,7 @@ register_crypt_handler(Md5Crypt)
#apache variant of md5 crypt
#=========================================================
class AprMd5Crypt(Md5Crypt):
- "Apache variant of md5-crypt, sometimes used in htpasswd files"
+ "Apache variant of md5-crypt, used in htpasswd files"
name = "apr-md5-crypt"
diff --git a/passlib/utils/des.py b/passlib/utils/des.py
index e899cd5..ca27f10 100644
--- a/passlib/utils/des.py
+++ b/passlib/utils/des.py
@@ -6,7 +6,7 @@ They do not support multi-block operation or decryption,
since they are designed for use in password hash algorithms
such as ``lmhash`` and ``des-crypt``.
-.. function:: des_expand_key
+.. function:: expand_des_key
.. function:: des_encrypt_block
.. function:: mdes_encrypt_int_block
"""