def test_hash_nul_bytes(self):
"""
Hashing passwords with NUL bytes works as expected.
"""
rv = hash_password_raw(b"abc\x00", TEST_SALT)
assert rv != hash_password_raw(b"abc", TEST_SALT)
def test_hash_nul_bytes(self):
"""
Hashing passwords with NUL bytes works as expected.
"""
rv = hash_password_raw(b"abc\x00", TEST_SALT)
assert rv != hash_password_raw(b"abc", TEST_SALT)
def decrypt(self, data, password, salt):
salt = self._fix_salt(salt)
key = hash_password_raw(password, hash_len=32, salt=salt)
box = SecretBox(key)
data = box.decrypt(data, encoder=nacl.encoding.Base64Encoder)
return data
def kdf(key, salt): # type: (str, str) -> str
return b64encode(
hash_password_raw(time_cost=params.get('a2_time', 16),
memory_cost=params.get('a2_mem', 32768),
parallelism=params.get('a2_paral', 2),
password=key.encode(),
hash_len=AES.key_size[params.get('aes_size', 2)],
type=Type.ID,
salt=salt))
def key_generator_argon2(password, salt):
#argon2 is industry specified hashing algorithm. Winner of Password Hashing Competition
password = password.encode('utf-8')
hash = argon2.hash_password_raw(time_cost=16, memory_cost=2**15, parallelism=2, hash_len=32,
password=password, salt=salt, type=argon2.low_level.Type.ID)
return hash
def kdf(password): # type: (str) -> str
return b64encode(
hash_password_raw(time_cost=get_param('ros_rest/a2_time', 16),
memory_cost=get_param('ros_rest/a2_mem', 32768),
parallelism=get_param('ros_rest/a2_paral', 2),
salt=b64decode(get_param('ros_rest/a2_salt')),
hash_len=AES.key_size[get_param(
'ros_rest/aes_size', 2)],
password=password.encode(),
type=Type.ID))
def encrypt(self, data, password, salt):
salt = self._fix_salt(salt)
key = hash_password_raw(password, hash_len=32, salt=salt)
box = SecretBox(key)
nonce = nacl.utils.random(nacl.secret.SecretBox.NONCE_SIZE)
encrypted_data = box.encrypt(data,
nonce,
encoder=nacl.encoding.Base64Encoder)
return encrypted_data
def kdf_decrypt(passphrase, time, mem, cores):
print(f'Stretching key...')
# compute 50 of the available memory
return hash_password_raw(time_cost=int(time),
memory_cost=int(mem),
parallelism=int(cores),
hash_len=32,
password=passphrase,
salt=b"k3y der1vati0n",
type=low_level.Type.ID)
def get_hmac(key: bytes, salts: Sequence[bytes]) -> HMAC.HMAC:
"""."""
hmac_password_derived = argon2.hash_password_raw(
hash_len=32,
password=key,
salt=salts[2], # hmac_salt
type=argon2.low_level.Type.ID)
bytes_to_hmac = b''.join(salts)
return HMAC.new(key=hmac_password_derived,
msg=bytes_to_hmac,
digestmod=SHA256)
def kdf(passphrase):
''' Derive the key from a passphrase '''
time = 16
mem = floor(
(virtual_memory().free * 0.75) / 1000) # use 75% of available memory
cores = cpu_count()
print(f'Stretching key...')
return hash_password_raw(time_cost=time,
memory_cost=mem,
parallelism=cores,
hash_len=32,
password=passphrase,
salt=b"k3y der1vati0n",
type=low_level.Type.ID), f'{time};{mem};{cores}'
def test_hash_password_raw(self, type, hash):
"""
Creates the same raw hash as the Argon2 CLI client.
"""
rv = hash_password_raw(
TEST_PASSWORD,
TEST_SALT,
TEST_TIME,
TEST_MEMORY,
TEST_PARALLELISM,
TEST_HASH_LEN,
type,
)
assert hash == rv
assert isinstance(rv, bytes)
def test_hash_password_raw(self, type, hash):
"""
Creates the same raw hash as the Argon2 CLI client.
"""
rv = hash_password_raw(
TEST_PASSWORD,
TEST_SALT,
TEST_TIME,
TEST_MEMORY,
TEST_PARALLELISM,
TEST_HASH_LEN,
type,
)
assert hash == rv
assert isinstance(rv, bytes)
def get_aes(key: bytes, salts: Sequence[bytes]) -> CtrMode:
"""."""
cipher_password_derived = argon2.hash_password_raw(
hash_len=32,
password=key,
salt=salts[0], # password_salt
type=argon2.low_level.Type.ID)
ctr_counter = Counter.new(
64,
prefix=salts[1], # nonce
initial_value=5988931115977,
little_endian=True)
ctr = AES.new(key=cipher_password_derived,
mode=AES.MODE_CTR,
counter=ctr_counter)
# make mypy happy
assert isinstance(ctr, CtrMode)
return ctr
def test_raw_defaults(self):
"""
Calling without arguments works.
"""
hash_password_raw(b"secret")
def test_raw_defaults(self):
"""
Calling without arguments works.
"""
hash_password_raw(b"secret")
# antes de executar o código abaixo, é necessário importar
# o pacote argon2_cffi no python. para isso, basta
# executar o comando abaixo.
#
# pip install argon2_cffi
# imprtando bibliotecas
import argon2, binascii
# calcular o raw hash da senha
hash = argon2.hash_password_raw(time_cost=16,
memory_cost=2**15,
parallelism=2,
hash_len=32,
password=b'password',
salt=b'some salt',
type=argon2.low_level.Type.ID)
print("Argon2 raw hash:", binascii.hexlify(hash))
argon2Hasher = argon2.PasswordHasher(time_cost=16,
memory_cost=2**15,
parallelism=2,
hash_len=32,
salt_len=16)
hash = argon2Hasher.hash("password")
print("Argon2 hash (random salt):", hash)
verifyValid = argon2Hasher.verify(hash, "password")
print("Argon2 verify (correct password):", verifyValid)
from argon2 import hash_password_raw, low_level
import binascii
hash = hash_password_raw(time_cost=16,
memory_cost=2**15,
parallelism=2,
hash_len=32,
password=b'My secret password',
salt=b'0123456789ABCDEF',
type=low_level.Type.ID)
print(f'Argon2id hash: {binascii.hexlify(hash).decode("utf-8")}')