upstream/ipython Files · IPython/lib/security.py

Use a global variable to adjust the number of bits used to generate the salt.

Stefan van der Walt - - Load All Authors

File last commit:

r5332:8457e379


                r5332:8457e379

Download file

             security.py
        
                    86 lines
            
             | 2.1 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / IPython / lib / security.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      """

      Password generation for the IPython notebook.

      """

      import hashlib

      import random

      # Length of the salt in nr of hex chars, which implies salt_len * 4

      # bits of randomness.

      salt_len = 12

      def passwd(passphrase, algorithm='sha1'):

          """Generate hashed password and salt for use in notebook configuration.

          In the notebook configuration, set `c.NotebookApp.password` to

          the generated string.

          Parameters

          ----------

          passphrase : str

              Password to hash.

          algorithm : str

              Hashing algorithm to use (e.g, 'sha1' or any argument supported

              by :func:`hashlib.new`).

          Returns

          -------

          hashed_passphrase : str

              Hashed password, in the format 'hash_algorithm:salt:passphrase_hash'.

          Examples

          --------

          In [1]: passwd('mypassword')

          Out[1]: 'sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12'

          """

          h = hashlib.new(algorithm)

          salt = ('%0' + str(salt_len) + 'x') % random.getrandbits(4 * salt_len)

          h.update(passphrase + salt)

          return ':'.join((algorithm, salt, h.hexdigest()))

      def passwd_check(hashed_passphrase, passphrase):

          """Verify that a given passphrase matches its hashed version.

          Parameters

          ----------

          hashed_passphrase : str

              Hashed password, in the format returned by `passwd`.

          passphrase : str

              Passphrase to validate.

          Returns

          -------

          valid : bool

              True if the passphrase matches the hash.

          Examples

          --------

          In [1]: from IPython.lib.security import passwd_check

          In [2]: passwd_check('sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12',

             ...:              'mypassword')

          Out[2]: True

          In [3]: passwd_check('sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12',

             ...:              'anotherpassword')

          Out[3]: False

          """

          try:

              algorithm, salt, pw_digest = hashed_passphrase.split(':', 2)

          except (ValueError, TypeError):

              return False

          try:

              h = hashlib.new(algorithm)

          except ValueError:

              return False

          if len(pw_digest) == 0 or len(salt) != salt_len:

              return False

          h.update(passphrase + salt)

          return h.hexdigest() == pw_digest

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				"""
				Password generation for the IPython notebook.
				"""

				import hashlib
				import random

				# Length of the salt in nr of hex chars, which implies salt_len * 4
				# bits of randomness.
				salt_len = 12

				def passwd(passphrase, algorithm='sha1'):
				"""Generate hashed password and salt for use in notebook configuration.

				In the notebook configuration, set `c.NotebookApp.password` to
				the generated string.

				Parameters
				----------
				passphrase : str
				Password to hash.
				algorithm : str
				Hashing algorithm to use (e.g, 'sha1' or any argument supported
				by :func:`hashlib.new`).

				Returns
				-------
				hashed_passphrase : str
				Hashed password, in the format 'hash_algorithm:salt:passphrase_hash'.

				Examples
				--------
				In [1]: passwd('mypassword')
				Out[1]: 'sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12'

				"""
				h = hashlib.new(algorithm)
				salt = ('%0' + str(salt_len) + 'x') % random.getrandbits(4 * salt_len)
				h.update(passphrase + salt)

				return ':'.join((algorithm, salt, h.hexdigest()))

				def passwd_check(hashed_passphrase, passphrase):
				"""Verify that a given passphrase matches its hashed version.

				Parameters
				----------
				hashed_passphrase : str
				Hashed password, in the format returned by `passwd`.
				passphrase : str
				Passphrase to validate.

				Returns
				-------
				valid : bool
				True if the passphrase matches the hash.

				Examples
				--------
				In [1]: from IPython.lib.security import passwd_check

				In [2]: passwd_check('sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12',
				...: 'mypassword')
				Out[2]: True

				In [3]: passwd_check('sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12',
				...: 'anotherpassword')
				Out[3]: False

				"""
				try:
				algorithm, salt, pw_digest = hashed_passphrase.split(':', 2)
				except (ValueError, TypeError):
				return False

				try:
				h = hashlib.new(algorithm)
				except ValueError:
				return False

				if len(pw_digest) == 0 or len(salt) != salt_len:
				return False

				h.update(passphrase + salt)

				return h.hexdigest() == pw_digest