I’d like to announce here that due to the need to implement yescrypt in the Fedora installer, we have packaged crypt_r as a standalone package available from PyPI.
It is a copy/fork of the removed standard library crypt module. Unlike crypt, our package always exposes the crypt_r(3) function, not crypt(3). Note that crypt_r is not part of any standard. We tested the package with the crypt_r implementation in Fedora Linux (libxcrypt), and it should work with compatible implementations of crypt_r (such as libcrypt.so from older glibc).
To use this module, you can either import crypt_r explicitly or use the old crypt name for backward compatibility. However, on Python older than 3.13, the crypt module from the standard library will usually take precedence on sys.path.
From PEP 594:
- The module is not available on Windows. Cross-platform applications need an alternative implementation anyway.
This is acknowledged, crypt_r explicitly only supports Linux.
- Only DES encryption is guaranteed to be available. DES has an extremely limited key space of 2**56.
Other methods are available on modern Linux, such as Fedora Linux.
- MD5, salted SHA256, salted SHA512, and Blowfish are optional extensions. SSHA256 and SSHA512 are glibc extensions. Blowfish (bcrypt) is the only algorithm that is still secure. However it’s in glibc and therefore not commonly available on Linux.
glibc extensions are available in Fedora Linux.
- Depending on the platform, the
cryptmodule is not thread safe. Only implementations withcrypt_r(3)are thread safe.
crypt_r (the Python package) always uses crypt_r (the C function).
- The module was never useful to interact with system user and password databases. On BSD, macOS, and Linux, all user authentication and password modification operations must go through PAM (pluggable authentication module); see the spwd deprecation.
The module is useful for the Fedora installer.
We will maintain this package at least as long as the Fedora installer needs it (currently that means indefinitely), but we plan no future development, only bugfixes. Python 3.11+ is supported (Python 3.10 or older did not emit deprecation warnings for the crypt module).