##// END OF EJS Templates
Always produce a salt of length 4.
Always produce a salt of length 4.

File last commit:

r5329:fcb12a88
r5329:fcb12a88
Show More
security.py
81 lines | 1.9 KiB | text/x-python | PythonLexer
"""
Password generation for the IPython notebook.
"""
import hashlib
import random
def passwd(passphrase, algorithm='sha1'):
"""Generate hashed password and salt for use in notebook configuration.
In the notebook configuration, set `c.NotebookApp.password` to
the generated string.
Parameters
----------
passphrase : str
Password to hash.
algorithm : str
Hashing algorithm to use.
Returns
-------
hashed_passphrase : str
Hashed password, in the format 'hash_algorithm:salt:passphrase_hash'.
Examples
--------
In [1]: passwd('mypassword')
Out[1]: 'sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12'
"""
h = hashlib.new(algorithm)
salt = '%04x' % random.getrandbits(16)
h.update(passphrase + salt)
return ':'.join((algorithm, salt, h.hexdigest()))
def passwd_check(hashed_passphrase, passphrase):
"""Verify that a given passphrase matches its hashed version.
Parameters
----------
hashed_passphrase : str
Hashed password, in the format returned by `passwd`.
passphrase : str
Passphrase to validate.
Returns
-------
valid : bool
True if the passphrase matches the hash.
Examples
--------
In [1]: from IPython.lib.security import passwd_check
In [2]: passwd_check('sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12',
...: 'mypassword')
Out[2]: True
In [3]: passwd_check('sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12',
...: 'anotherpassword')
Out[3]: False
"""
try:
algorithm, salt, pw_digest = hashed_passphrase.split(':', 2)
except (ValueError, TypeError):
return False
try:
h = hashlib.new(algorithm)
except ValueError:
return False
if len(pw_digest) == 0 or len(salt) != 4:
return False
h.update(passphrase + salt)
return h.hexdigest() == pw_digest