Use a global variable to adjust the number of bits used to generate the salt.

File last commit:

r5332:8457e379
security.py
"""
Password generation for the IPython notebook.
"""
import hashlib
import random
# Salt length, counted in hexadecimal characters.  Each hex character
# carries 4 bits, so the salt holds salt_len * 4 bits of randomness
# (12 characters -> 48 bits).
salt_len = 12
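def passwd(passphrase, algorithm='sha1'):
    """Generate hashed password and salt for use in notebook configuration.

    In the notebook configuration, set `c.NotebookApp.password` to
    the generated string.

    Parameters
    ----------
    passphrase : str
        Password to hash.  Text is encoded as UTF-8 before hashing; a
        byte string is hashed as given.
    algorithm : str
        Hashing algorithm to use (e.g, 'sha1' or any argument supported
        by :func:`hashlib.new`).

    Returns
    -------
    hashed_passphrase : str
        Hashed password, in the format 'hash_algorithm:salt:passphrase_hash'.

    Raises
    ------
    ValueError
        If `algorithm` is not known to :func:`hashlib.new`.

    Notes
    -----
    The result is a single pass of a general-purpose hash over
    ``passphrase + salt``; it is not a stretched password hash.  If the
    configuration file leaks, offline guessing is cheap, so keep that
    file readable only by its owner and use a long passphrase.  Moving
    to a key-derivation function (for example
    :func:`hashlib.pbkdf2_hmac`) would need a new storage format and is
    deliberately not done here, so that existing hashes keep verifying.

    Examples
    --------
    In [1]: passwd('mypassword')
    Out[1]: 'sha1:<salt_len hex chars>:<hex digest>'   # salt differs per call
    """
    h = hashlib.new(algorithm)

    # Draw the salt from the operating system's CSPRNG.  The module-level
    # functions of `random` use a Mersenne Twister that is seeded once per
    # process and whose output is predictable.
    salt = '%0*x' % (salt_len, random.SystemRandom().getrandbits(4 * salt_len))

    # Hash objects only accept bytes; encode text explicitly so the same
    # passphrase yields the same digest on every platform and locale.
    if not isinstance(passphrase, bytes):
        passphrase = passphrase.encode('utf-8')
    h.update(passphrase + salt.encode('ascii'))

    return ':'.join((algorithm, salt, h.hexdigest()))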
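def passwd_check(hashed_passphrase, passphrase):
    """Verify that a given passphrase matches its hashed version.

    Parameters
    ----------
    hashed_passphrase : str
        Hashed password, in the format returned by `passwd`.
    passphrase : str
        Passphrase to validate.  Text is encoded as UTF-8 before hashing;
        a byte string is hashed as given.

    Returns
    -------
    valid : bool
        True if the passphrase matches the hash.  A malformed stored
        value, an unknown algorithm, or an empty salt or digest all
        yield False rather than an exception.

    Notes
    -----
    The salt only has to be non-empty; its length is not compared with
    the current salt-length setting, so hashes generated under a
    different setting (such as the 4-character salt in the examples
    below) still verify.

    Examples
    --------
    In [1]: from IPython.lib.security import passwd_check

    In [2]: passwd_check('sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12',
       ...:              'mypassword')
    Out[2]: True

    In [3]: passwd_check('sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12',
       ...:              'anotherpassword')
    Out[3]: False
    """
    import hmac

    def as_bytes(value):
        # Hash objects and hmac.compare_digest need bytes (or pure-ASCII
        # text); normalise everything to bytes once.
        return value if isinstance(value, bytes) else value.encode('utf-8')

    try:
        algorithm, salt, pw_digest = hashed_passphrase.split(':', 2)
    except (ValueError, TypeError, AttributeError):
        # Wrong number of fields, or a stored value that is not a string
        # at all (e.g. None): fail closed.
        return False

    try:
        h = hashlib.new(algorithm)
    except ValueError:
        return False

    if not pw_digest or not salt:
        return False

    h.update(as_bytes(passphrase) + as_bytes(salt))

    # Constant-time comparison, so response timing does not reveal how
    # many leading characters of the digest matched.
    return hmac.compare_digest(h.hexdigest().encode('ascii'),
                               as_bytes(pw_digest))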