##// END OF EJS Templates
upstream » ipython
RSS

Clone from https://github.com/ipython/ipython.git

Use a global variable to adjust the number of bits used to generate the salt.
Stefan van der Walt -
Show More
Show file before | Show file after | Hide comments
@@ -5,6 +5,10 b' Password generation for the IPython notebook.'
5 import hashlib
5 import hashlib
6 import random
6 import random
7
7
8 # Length of the salt in nr of hex chars, which implies salt_len * 4
9 # bits of randomness.
10 salt_len = 12
11
8 def passwd(passphrase, algorithm='sha1'):
12 def passwd(passphrase, algorithm='sha1'):
9 """Generate hashed password and salt for use in notebook configuration.
13 """Generate hashed password and salt for use in notebook configuration.
10
14
@@ -31,7 +35,7 b" def passwd(passphrase, algorithm='sha1'):"
31
35
32 """
36 """
33 h = hashlib.new(algorithm)
37 h = hashlib.new(algorithm)
34 salt = '%04x' % random.getrandbits(16)
38 salt = ('%0' + str(salt_len) + 'x') % random.getrandbits(4 * salt_len)
35 h.update(passphrase + salt)
39 h.update(passphrase + salt)
36
40
37 return ':'.join((algorithm, salt, h.hexdigest()))
41 return ':'.join((algorithm, salt, h.hexdigest()))
@@ -74,7 +78,7 b' def passwd_check(hashed_passphrase, passphrase):'
74 except ValueError:
78 except ValueError:
75 return False
79 return False
76
80
77 if len(pw_digest) == 0 or len(salt) != 4:
81 if len(pw_digest) == 0 or len(salt) != salt_len:
78 return False
82 return False
79
83
80 h.update(passphrase + salt)
84 h.update(passphrase + salt)
Show file before | Show file after | Hide comments
@@ -1,12 +1,12 b''
1 from IPython.lib import passwd
1 from IPython.lib import passwd
2 from IPython.lib.security import passwd_check
2 from IPython.lib.security import passwd_check, salt_len
3 import nose.tools as nt
3 import nose.tools as nt
4
4
5 def test_passwd_structure():
5 def test_passwd_structure():
6 p = passwd('passphrase')
6 p = passwd('passphrase')
7 algorithm, salt, hashed = p.split(':')
7 algorithm, salt, hashed = p.split(':')
8 nt.assert_equals(algorithm, 'sha1')
8 nt.assert_equals(algorithm, 'sha1')
9 nt.assert_equals(len(salt), 4)
9 nt.assert_equals(len(salt), salt_len)
10 nt.assert_equals(len(hashed), 40)
10 nt.assert_equals(len(hashed), 40)
11
11
12 def test_roundtrip():
12 def test_roundtrip():
General Comments 0
You need to be logged in to leave comments. Login now