security.py
81 lines
| 1.9 KiB
| text/x-python
|
PythonLexer
Stefan van der Walt
|
r5320 | """ | ||
Password generation for the IPython notebook. | ||||
""" | ||||
import hashlib | ||||
import random | ||||
Stefan van der Walt
|
r5328 | def passwd(passphrase, algorithm='sha1'): | ||
Stefan van der Walt
|
r5320 | """Generate hashed password and salt for use in notebook configuration. | ||
Stefan van der Walt
|
r5322 | In the notebook configuration, set `c.NotebookApp.password` to | ||
the generated string. | ||||
Stefan van der Walt
|
r5320 | Parameters | ||
---------- | ||||
passphrase : str | ||||
Password to hash. | ||||
Stefan van der Walt
|
r5328 | algorithm : str | ||
Hashing algorithm to use. | ||||
Stefan van der Walt
|
r5320 | |||
Returns | ||||
------- | ||||
hashed_passphrase : str | ||||
Hashed password, in the format 'hash_algorithm:salt:passphrase_hash'. | ||||
Examples | ||||
-------- | ||||
In [1]: passwd('mypassword') | ||||
Out[1]: 'sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12' | ||||
""" | ||||
h = hashlib.new(algorithm) | ||||
Stefan van der Walt
|
r5329 | salt = '%04x' % random.getrandbits(16) | ||
Stefan van der Walt
|
r5320 | h.update(passphrase + salt) | ||
return ':'.join((algorithm, salt, h.hexdigest())) | ||||
def passwd_check(hashed_passphrase, passphrase): | ||||
"""Verify that a given passphrase matches its hashed version. | ||||
Parameters | ||||
---------- | ||||
hashed_passphrase : str | ||||
Hashed password, in the format returned by `passwd`. | ||||
passphrase : str | ||||
Passphrase to validate. | ||||
Returns | ||||
------- | ||||
valid : bool | ||||
True if the passphrase matches the hash. | ||||
Examples | ||||
-------- | ||||
In [1]: from IPython.lib.security import passwd_check | ||||
In [2]: passwd_check('sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12', | ||||
...: 'mypassword') | ||||
Out[2]: True | ||||
In [3]: passwd_check('sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12', | ||||
...: 'anotherpassword') | ||||
Out[3]: False | ||||
""" | ||||
try: | ||||
algorithm, salt, pw_digest = hashed_passphrase.split(':', 2) | ||||
except (ValueError, TypeError): | ||||
return False | ||||
Stefan van der Walt
|
r5328 | try: | ||
h = hashlib.new(algorithm) | ||||
except ValueError: | ||||
return False | ||||
if len(pw_digest) == 0 or len(salt) != 4: | ||||
Stefan van der Walt
|
r5320 | return False | ||
h.update(passphrase + salt) | ||||
return h.hexdigest() == pw_digest | ||||