##// END OF EJS Templates
Remove unnecessary check on password salt length.
Fernando Perez -
Show More
@@ -1,117 +1,117 b''
1 1 """
2 2 Password generation for the IPython notebook.
3 3 """
4 4 #-----------------------------------------------------------------------------
5 5 # Imports
6 6 #-----------------------------------------------------------------------------
7 7 # Stdlib
8 8 import getpass
9 9 import hashlib
10 10 import random
11 11
12 12 # Our own
13 13 from IPython.core.error import UsageError
14 14 from IPython.testing.skipdoctest import skip_doctest
15 15
16 16 #-----------------------------------------------------------------------------
17 17 # Globals
18 18 #-----------------------------------------------------------------------------
19 19
20 20 # Length of the salt in nr of hex chars, which implies salt_len * 4
21 21 # bits of randomness.
22 22 salt_len = 12
23 23
24 24 #-----------------------------------------------------------------------------
25 25 # Functions
26 26 #-----------------------------------------------------------------------------
27 27
28 28 @skip_doctest
29 29 def passwd(passphrase=None, algorithm='sha1'):
30 30 """Generate hashed password and salt for use in notebook configuration.
31 31
32 32 In the notebook configuration, set `c.NotebookApp.password` to
33 33 the generated string.
34 34
35 35 Parameters
36 36 ----------
37 37 passphrase : str
38 38 Password to hash. If unspecified, the user is asked to input
39 39 and verify a password.
40 40 algorithm : str
41 41 Hashing algorithm to use (e.g, 'sha1' or any argument supported
42 42 by :func:`hashlib.new`).
43 43
44 44 Returns
45 45 -------
46 46 hashed_passphrase : str
47 47 Hashed password, in the format 'hash_algorithm:salt:passphrase_hash'.
48 48
49 49 Examples
50 50 --------
51 51 In [1]: passwd('mypassword')
52 52 Out[1]: 'sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12'
53 53
54 54 """
55 55 if passphrase is None:
56 56 for i in range(3):
57 57 p0 = getpass.getpass('Enter password: ')
58 58 p1 = getpass.getpass('Verify password: ')
59 59 if p0 == p1:
60 60 passphrase = p0
61 61 break
62 62 else:
63 63 print('Passwords do not match.')
64 64 else:
65 65 raise UsageError('No matching passwords found. Giving up.')
66 66
67 67 h = hashlib.new(algorithm)
68 68 salt = ('%0' + str(salt_len) + 'x') % random.getrandbits(4 * salt_len)
69 69 h.update(passphrase + salt)
70 70
71 71 return ':'.join((algorithm, salt, h.hexdigest()))
72 72
73 73
74 74 def passwd_check(hashed_passphrase, passphrase):
75 75 """Verify that a given passphrase matches its hashed version.
76 76
77 77 Parameters
78 78 ----------
79 79 hashed_passphrase : str
80 80 Hashed password, in the format returned by `passwd`.
81 81 passphrase : str
82 82 Passphrase to validate.
83 83
84 84 Returns
85 85 -------
86 86 valid : bool
87 87 True if the passphrase matches the hash.
88 88
89 89 Examples
90 90 --------
91 91 In [1]: from IPython.lib.security import passwd_check
92 92
93 93 In [2]: passwd_check('sha1:0e112c3ddfce:a68df677475c2b47b6e86d0467eec97ac5f4b85a',
94 94 ...: 'mypassword')
95 95 Out[2]: True
96 96
97 97 In [3]: passwd_check('sha1:0e112c3ddfce:a68df677475c2b47b6e86d0467eec97ac5f4b85a',
98 98 ...: 'anotherpassword')
99 99 Out[3]: False
100 100
101 101 """
102 102 try:
103 103 algorithm, salt, pw_digest = hashed_passphrase.split(':', 2)
104 104 except (ValueError, TypeError):
105 105 return False
106 106
107 107 try:
108 108 h = hashlib.new(algorithm)
109 109 except ValueError:
110 110 return False
111 111
112 if len(pw_digest) == 0 or len(salt) != salt_len:
112 if len(pw_digest) == 0:
113 113 return False
114 114
115 115 h.update(passphrase + salt)
116 116
117 117 return h.hexdigest() == pw_digest
General Comments 0
You need to be logged in to leave comments. Login now