upstream/ipython Files · IPython/lib/security.py

Notify user about invalid password.

Stefan van der Walt - - Load All Authors

File last commit:

r5322:8e032917


                r5323:7ab92dd6

Download file

             security.py
        
                    82 lines
            
             | 2.0 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / IPython / lib / security.py
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        Stefan van der Walt
    
Add hashed passphrase generation and verification.

              r5320
            
      """

      Password generation for the IPython notebook.

      """

      import hashlib

      import random

      def passwd(passphrase):

          """Generate hashed password and salt for use in notebook configuration.

        Stefan van der Walt
    
In passwd, mention which variable in the notebook config to update.

              r5322
            
          In the notebook configuration, set `c.NotebookApp.password` to

          the generated string.

        Stefan van der Walt
    
Add hashed passphrase generation and verification.

              r5320
            
          Parameters

          ----------

          passphrase : str

              Password to hash.

          Returns

          -------

          hashed_passphrase : str

              Hashed password, in the format 'hash_algorithm:salt:passphrase_hash'.

          Examples

          --------

          In [1]: passwd('mypassword')

          Out[1]: 'sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12'

          """

          algorithm = 'sha1'

          h = hashlib.new(algorithm)

          salt = hex(int(random.getrandbits(16)))[2:]

          h.update(passphrase + salt)

          return ':'.join((algorithm, salt, h.hexdigest()))

      def passwd_check(hashed_passphrase, passphrase):

          """Verify that a given passphrase matches its hashed version.

          Parameters

          ----------

          hashed_passphrase : str

              Hashed password, in the format returned by `passwd`.

          passphrase : str

              Passphrase to validate.

          Returns

          -------

          valid : bool

              True if the passphrase matches the hash.

          Examples

          --------

          In [1]: from IPython.lib.security import passwd_check

          In [2]: passwd_check('sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12',

             ...:              'mypassword')

          Out[2]: True

          In [3]: passwd_check('sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12',

             ...:              'anotherpassword')

          Out[3]: False

          """

          # Algorithm and hash length

          supported_algorithms = {'sha1': 40}

          try:

              algorithm, salt, pw_digest = hashed_passphrase.split(':', 2)

          except (ValueError, TypeError):

              return False

          if not (algorithm in supported_algorithms and \

                  len(pw_digest) == supported_algorithms[algorithm] and \

                  len(salt) == 4):

              return False

          h = hashlib.new(algorithm)

          h.update(passphrase + salt)

          return h.hexdigest() == pw_digest

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

Stefan van der Walt Add hashed passphrase generation and verification.	r5320	"""
		Password generation for the IPython notebook.
		"""

		import hashlib
		import random

		def passwd(passphrase):
		"""Generate hashed password and salt for use in notebook configuration.

Stefan van der Walt In passwd, mention which variable in the notebook config to update.	r5322	In the notebook configuration, set `c.NotebookApp.password` to
		the generated string.

Stefan van der Walt Add hashed passphrase generation and verification.	r5320	Parameters
		----------
		passphrase : str
		Password to hash.

		Returns
		-------
		hashed_passphrase : str
		Hashed password, in the format 'hash_algorithm:salt:passphrase_hash'.

		Examples
		--------
		In [1]: passwd('mypassword')
		Out[1]: 'sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12'

		"""
		algorithm = 'sha1'

		h = hashlib.new(algorithm)
		salt = hex(int(random.getrandbits(16)))[2:]
		h.update(passphrase + salt)

		return ':'.join((algorithm, salt, h.hexdigest()))

		def passwd_check(hashed_passphrase, passphrase):
		"""Verify that a given passphrase matches its hashed version.

		Parameters
		----------
		hashed_passphrase : str
		Hashed password, in the format returned by `passwd`.
		passphrase : str
		Passphrase to validate.

		Returns
		-------
		valid : bool
		True if the passphrase matches the hash.

		Examples
		--------
		In [1]: from IPython.lib.security import passwd_check

		In [2]: passwd_check('sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12',
		...: 'mypassword')
		Out[2]: True

		In [3]: passwd_check('sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12',
		...: 'anotherpassword')
		Out[3]: False

		"""
		# Algorithm and hash length
		supported_algorithms = {'sha1': 40}

		try:
		algorithm, salt, pw_digest = hashed_passphrase.split(':', 2)
		except (ValueError, TypeError):
		return False

		if not (algorithm in supported_algorithms and \
		len(pw_digest) == supported_algorithms[algorithm] and \
		len(salt) == 4):
		return False

		h = hashlib.new(algorithm)
		h.update(passphrase + salt)

		return h.hexdigest() == pw_digest