Py 3.13 support?

[dirkmueller]

Environment

• netutils version: 1.10.0

Running tests on netutils in a python 3.13 enviroment indicates that it will no longer work:

  /usr/lib/python3.13/site-packages/_pytest/assertion/rewrite.py:184: in exec_module
      exec(co, module.__dict__)
  tests/unit/test_password.py:5: in <module>
     from netutils import password
 netutils/password.py:4: in <module>
     import crypt  # pylint: disable=deprecated-module
 E   ModuleNotFoundError: No module named 'crypt'

Proposed Functionality

tests should pass on python 3.13.

[MeggyCal]

Hi, I put the line to Gemini and it suggested something. Could you please review? The answer from Gemini is:

Here's how to migrate crypt.crypt(unencrypted_password, f"$1${salt}$") from crypt to hashlib on Python 3:
Python

import hashlib

def crypt_hashlib(unencrypted_password, salt):
  """Hashes a password using hashlib and returns a string in the same format as crypt.crypt().

  Args:
    unencrypted_password: The password to hash.
    salt: The salt to use for hashing.

  Returns:
    A string containing the hashed password and salt in the format "$1$salt$hashed_password".
  """

  # Hash the password using SHA-256.
  hashed_password = hashlib.sha256(unencrypted_password.encode('utf-8')).hexdigest()

  # Combine the salt and hashed password.
  return f"$1${salt}${hashed_password}"

# Example usage:
unencrypted_password = "your_password"
salt = "your_salt"

hashed_password = crypt_hashlib(unencrypted_password, salt)

print(hashed_password)

This code defines a function crypt_hashlib that takes the unencrypted password and salt as arguments. It then hashes the password using SHA-256 and combines the salt and hashed password into a string in the format "$1$salt$hashed_password". This is the same format that is used by the crypt.crypt function.

The example usage shows how to use the crypt_hashlib function to hash a password. The hashed password is then printed to the console.

Here are some additional things to keep in mind:

• The crypt_hashlib function uses SHA-256 to hash passwords. This is a more secure hashing algorithm than the MD5 algorithm that is used by the crypt.crypt function.

• The crypt_hashlib function does not use a magic number to salt the password. This means that you will need to generate your own salt and pass it to the function.

• The crypt_hashlib function does not use a rounds parameter. This means that the password will be hashed once. You can increase the number of rounds by using the hashlib.pbkdf2_hmac function.

I hope this helps! Let me know if you have any other questions.

[MeggyCal]

Returns:
A string containing the hashed password and salt in the format "$1$salt$hashed_password".

I actually think it got this thing wrong (and the code too), it should have been salt-than-hash, not hash-than-salt (from what I understand).

[s-t-e-v-e-n-k]

Here are some additional things to keep in mind:

* The `crypt_hashlib` function uses SHA-256 to hash passwords. This is a more secure hashing algorithm than the MD5 algorithm that is used by the `crypt.crypt` function.

The existing code uses crypt.crypt() to hash passwords like older Cisco routers use. Using SHA-256 certainly won't help here.