Beispiel #1
0
def generate_key_iv(
    password: bytes, salt: bytes, key_size: int, iv_size: int, algo: str = "md5"
) -> Tuple[bytes, bytes]:
    def hasher(algo: str, data: bytes) -> bytes:
        hashes = {
            "md5": hashlib.md5,
            "sha256": hashlib.sha256,
            "sha512": hashlib.sha512,
        }
        h = hashes[algo]()
        h.update(data)
        return h.digest()

    if algo == "md5":
        temp = pbkdf1("md5", password, salt, 1, 16)
    else:
        temp = b""

    fd = temp
    while len(fd) < key_size + iv_size:
        temp = hasher(algo, temp + password + salt)
        fd += temp

    key = fd[0:key_size]
    iv = fd[key_size : key_size + iv_size]

    return key, iv
Beispiel #2
0
    def test_known(self):
        """test reference vectors"""
        from passlib.crypto.digest import pbkdf1

        for secret, salt, rounds, keylen, digest, correct in self.pbkdf1_tests:
            result = pbkdf1(digest, secret, salt, rounds, keylen)
            self.assertEqual(result, correct)
Beispiel #3
0
 def _calc_checksum(self, secret):
     if isinstance(secret, unicode):
         secret = secret.encode("utf-8")
     # NOTE: for some reason, FSHP uses pbkdf1 with password & salt reversed.
     #       this has only a minimal impact on security,
     #       but it is worth noting this deviation.
     return pbkdf1(
         digest=self.checksum_alg,
         secret=self.salt,
         salt=secret,
         rounds=self.rounds,
         keylen=self.checksum_size,
         )
Beispiel #4
0
def derivePassphrase(passphrase):
    algo = 'sha256'
    # 从人类可记忆「口令」生成面向加密算法用途的「密钥」
    password = pbkdf1(algo, passphrase.decode('latin1'), salt, rounds, keylen=outlen)
    # 扩展秘钥
    kdf = PBKDF2HMAC(
        algorithm=hashes.SHA256(),
        length=outlen,
        salt=salt,
        iterations=rounds,
        backend=backend
    )
    password = kdf.derive(passphrase)
    return password
Beispiel #5
0
 def helper(secret=b'secret',
            salt=b'salt',
            rounds=1,
            keylen=1,
            hash='md5'):
     return pbkdf1(hash, secret, salt, rounds, keylen)
Beispiel #6
0
 def helper(secret=b'secret', salt=b'salt', rounds=1, keylen=1, hash='md5'):
     return pbkdf1(hash, secret, salt, rounds, keylen)
Beispiel #7
0
 def test_known(self):
     """test reference vectors"""
     from passlib.crypto.digest import pbkdf1
     for secret, salt, rounds, keylen, digest, correct in self.pbkdf1_tests:
         result = pbkdf1(digest, secret, salt, rounds, keylen)
         self.assertEqual(result, correct)
Beispiel #8
0
passphrase = b'admin123'  # 人类可记忆「口令」

# 随机产生盐值,并不需要持久化存储以用于
# 1. 加密算法秘钥的再次延展生成
# 2. 口令散列存储的验证算法
salt = os.urandom(16)
print(binascii.hexlify(salt))

algo = 'sha256'
rounds = 1000
outlen = 32

# 从人类可记忆「口令」生成面向加密算法用途的「秘钥」
password = pbkdf1(algo,
                  passphrase.decode('latin1'),
                  salt,
                  rounds,
                  keylen=outlen)
print(binascii.hexlify(password))

# ref: https://cryptography.io/en/latest/hazmat/primitives/key-derivation-functions/
backend = default_backend()

# 扩展秘钥
kdf = PBKDF2HMAC(algorithm=hashes.SHA256(),
                 length=outlen,
                 salt=salt,
                 iterations=rounds,
                 backend=backend)
password = kdf.derive(passphrase)
Beispiel #9
0
 def helper(secret=b"secret", salt=b"salt", rounds=1, keylen=1, hash="md5"):
     return pbkdf1(hash, secret, salt, rounds, keylen)