##// END OF EJS Templates
Allow any hashing algorithm.
Stefan van der Walt -
Show More
@@ -1,82 +1,81 b''
1 """
1 """
2 Password generation for the IPython notebook.
2 Password generation for the IPython notebook.
3 """
3 """
4
4
5 import hashlib
5 import hashlib
6 import random
6 import random
7
7
8 def passwd(passphrase):
8 def passwd(passphrase, algorithm='sha1'):
9 """Generate hashed password and salt for use in notebook configuration.
9 """Generate hashed password and salt for use in notebook configuration.
10
10
11 In the notebook configuration, set `c.NotebookApp.password` to
11 In the notebook configuration, set `c.NotebookApp.password` to
12 the generated string.
12 the generated string.
13
13
14 Parameters
14 Parameters
15 ----------
15 ----------
16 passphrase : str
16 passphrase : str
17 Password to hash.
17 Password to hash.
18 algorithm : str
19 Hashing algorithm to use.
18
20
19 Returns
21 Returns
20 -------
22 -------
21 hashed_passphrase : str
23 hashed_passphrase : str
22 Hashed password, in the format 'hash_algorithm:salt:passphrase_hash'.
24 Hashed password, in the format 'hash_algorithm:salt:passphrase_hash'.
23
25
24 Examples
26 Examples
25 --------
27 --------
26 In [1]: passwd('mypassword')
28 In [1]: passwd('mypassword')
27 Out[1]: 'sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12'
29 Out[1]: 'sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12'
28
30
29 """
31 """
30 algorithm = 'sha1'
31
32 h = hashlib.new(algorithm)
32 h = hashlib.new(algorithm)
33 salt = hex(int(random.getrandbits(16)))[2:]
33 salt = hex(int(random.getrandbits(16)))[2:]
34 h.update(passphrase + salt)
34 h.update(passphrase + salt)
35
35
36 return ':'.join((algorithm, salt, h.hexdigest()))
36 return ':'.join((algorithm, salt, h.hexdigest()))
37
37
38 def passwd_check(hashed_passphrase, passphrase):
38 def passwd_check(hashed_passphrase, passphrase):
39 """Verify that a given passphrase matches its hashed version.
39 """Verify that a given passphrase matches its hashed version.
40
40
41 Parameters
41 Parameters
42 ----------
42 ----------
43 hashed_passphrase : str
43 hashed_passphrase : str
44 Hashed password, in the format returned by `passwd`.
44 Hashed password, in the format returned by `passwd`.
45 passphrase : str
45 passphrase : str
46 Passphrase to validate.
46 Passphrase to validate.
47
47
48 Returns
48 Returns
49 -------
49 -------
50 valid : bool
50 valid : bool
51 True if the passphrase matches the hash.
51 True if the passphrase matches the hash.
52
52
53 Examples
53 Examples
54 --------
54 --------
55 In [1]: from IPython.lib.security import passwd_check
55 In [1]: from IPython.lib.security import passwd_check
56
56
57 In [2]: passwd_check('sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12',
57 In [2]: passwd_check('sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12',
58 ...: 'mypassword')
58 ...: 'mypassword')
59 Out[2]: True
59 Out[2]: True
60
60
61 In [3]: passwd_check('sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12',
61 In [3]: passwd_check('sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12',
62 ...: 'anotherpassword')
62 ...: 'anotherpassword')
63 Out[3]: False
63 Out[3]: False
64
64
65 """
65 """
66 # Algorithm and hash length
67 supported_algorithms = {'sha1': 40}
68
69 try:
66 try:
70 algorithm, salt, pw_digest = hashed_passphrase.split(':', 2)
67 algorithm, salt, pw_digest = hashed_passphrase.split(':', 2)
71 except (ValueError, TypeError):
68 except (ValueError, TypeError):
72 return False
69 return False
73
70
74 if not (algorithm in supported_algorithms and \
71 try:
75 len(pw_digest) == supported_algorithms[algorithm] and \
72 h = hashlib.new(algorithm)
76 len(salt) == 4):
73 except ValueError:
74 return False
75
76 if len(pw_digest) == 0 or len(salt) != 4:
77 return False
77 return False
78
78
79 h = hashlib.new(algorithm)
80 h.update(passphrase + salt)
79 h.update(passphrase + salt)
81
80
82 return h.hexdigest() == pw_digest
81 return h.hexdigest() == pw_digest
General Comments 0
You need to be logged in to leave comments. Login now