format pwhash
This commit is contained in:
parent
11de5948c8
commit
c441863af7
@ -17,24 +17,38 @@ PACK_FMT = f"<c{SALT_LEN}s64slhh"
|
|||||||
|
|
||||||
def gen_pwhash(password: str) -> str:
|
def gen_pwhash(password: str) -> str:
|
||||||
salt = os.urandom(SALT_LEN)
|
salt = os.urandom(SALT_LEN)
|
||||||
sh = scrypt(password.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
|
sh = scrypt(password.encode(),
|
||||||
pack_bytes = pack(PACK_FMT, VERSION, salt, sh, SCRYPT_N, SCRYPT_R, SCRYPT_P)
|
salt=salt,
|
||||||
|
n=SCRYPT_N,
|
||||||
|
r=SCRYPT_R,
|
||||||
|
p=SCRYPT_P)
|
||||||
|
pack_bytes = pack(PACK_FMT, VERSION, salt, sh, SCRYPT_N, SCRYPT_R,
|
||||||
|
SCRYPT_P)
|
||||||
return b32encode(pack_bytes).decode()
|
return b32encode(pack_bytes).decode()
|
||||||
|
|
||||||
|
|
||||||
class PWInfo:
|
class PWInfo:
|
||||||
|
|
||||||
def __init__(self, salt, sh):
|
def __init__(self, salt, sh):
|
||||||
self.salt = salt
|
self.salt = salt
|
||||||
self.scrypt_hash = sh
|
self.scrypt_hash = sh
|
||||||
|
|
||||||
|
|
||||||
def parse_hash(pwhash: str) -> PWInfo:
|
def parse_hash(pwhash: str) -> PWInfo:
|
||||||
decoded = b32decode(pwhash.encode())
|
decoded = b32decode(pwhash.encode())
|
||||||
ver, salt, sh, n, r, p = unpack(PACK_FMT, decoded)
|
ver, salt, sh, n, r, p = unpack(PACK_FMT, decoded)
|
||||||
if not (ver, n, r, p, len(salt)) == (VERSION, SCRYPT_N, SCRYPT_R, SCRYPT_P, SALT_LEN):
|
if not (ver, n, r, p, len(salt)) == (VERSION, SCRYPT_N, SCRYPT_R, SCRYPT_P,
|
||||||
raise Exception(f"Invalid hash: {ver=}, {n=}, {r=}, {p=}, f{len(salt)=} != {VERSION=}, {SCRYPT_N=}, {SCRYPT_R=}, {SCRYPT_P=}, {SALT_LEN=}")
|
SALT_LEN):
|
||||||
|
raise Exception(
|
||||||
|
f"Invalid hash: {ver=}, {n=}, {r=}, {p=}, f{len(salt)=} != {VERSION=}, {SCRYPT_N=}, {SCRYPT_R=}, {SCRYPT_P=}, {SALT_LEN=}"
|
||||||
|
)
|
||||||
return PWInfo(salt, sh)
|
return PWInfo(salt, sh)
|
||||||
|
|
||||||
|
|
||||||
def check_pass(password: str, pwinfo: PWInfo) -> bool:
|
def check_pass(password: str, pwinfo: PWInfo) -> bool:
|
||||||
# No need for constant time compare for hashes. See https://security.stackexchange.com/a/46215
|
# No need for constant time compare for hashes. See https://security.stackexchange.com/a/46215
|
||||||
return pwinfo.scrypt_hash == scrypt(password.encode(), salt=pwinfo.salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
|
return pwinfo.scrypt_hash == scrypt(password.encode(),
|
||||||
|
salt=pwinfo.salt,
|
||||||
|
n=SCRYPT_N,
|
||||||
|
r=SCRYPT_R,
|
||||||
|
p=SCRYPT_P)
|
||||||
|
Loading…
Reference in New Issue
Block a user