def generate_key_iv(
    password: bytes, salt: bytes, key_size: int, iv_size: int, algo: str = "md5"
) -> Tuple[bytes, bytes]:
    """Derive a cipher key and IV from a password and salt by chained hashing.

    Digest blocks are concatenated until at least ``key_size + iv_size`` bytes
    exist; every block is the digest of ``previous_block + password + salt``.
    The first ``key_size`` bytes become the key and the following ``iv_size``
    bytes become the IV.

    Args:
        password: Secret the key material is derived from.
        salt: Salt appended after the password in every digest input.
        key_size: Number of key bytes to return.
        iv_size: Number of IV bytes to return.
        algo: Digest name: ``"md5"``, ``"sha256"`` or ``"sha512"``.

    Returns:
        A ``(key, iv)`` tuple of byte strings.

    Raises:
        KeyError: If ``algo`` is not a supported name and a digest block has
            to be computed.

    Security note: there is no iteration count, so each output block costs a
    single digest call and the derivation adds no brute-force cost for a
    low-entropy password. The layout looks like OpenSSL's EVP_BytesToKey with
    count=1 (TODO confirm against the caller); use it only where an existing
    format requires it and prefer an iterated or memory-hard KDF otherwise.
    """
    digest_factories = {
        "md5": hashlib.md5,
        "sha256": hashlib.sha256,
        "sha512": hashlib.sha512,
    }

    def hasher(algo: str, data: bytes) -> bytes:
        # One-shot digest of `data` with the selected algorithm.
        return digest_factories[algo](data).digest()

    needed = key_size + iv_size

    # The MD5 path takes its first block from pbkdf1 (one round, 16 bytes) --
    # presumably MD5(password + salt); the other digests start empty so that
    # the loop below produces their first block.
    block = pbkdf1("md5", password, salt, 1, 16) if algo == "md5" else b""
    stream = block

    while len(stream) < needed:
        block = hasher(algo, block + password + salt)
        stream += block

    return stream[:key_size], stream[key_size:needed]
def test_known(self):
    """test reference vectors

    Each entry of ``self.pbkdf1_tests`` is unpacked as
    ``(secret, salt, rounds, keylen, digest, expected)``; pbkdf1 is run on the
    inputs and its output must equal ``expected``.
    """
    from passlib.crypto.digest import pbkdf1

    for password, salt_value, cost, size, hash_name, expected in self.pbkdf1_tests:
        derived = pbkdf1(hash_name, password, salt_value, cost, size)
        self.assertEqual(derived, expected)
def _calc_checksum(self, secret):
    """Compute the checksum for ``secret`` using pbkdf1.

    Reads ``self.checksum_alg``, ``self.salt``, ``self.rounds`` and
    ``self.checksum_size``. Text input is encoded as UTF-8 first; anything
    else is passed through unchanged.
    """
    # `unicode` is resolved from the enclosing module (presumably a
    # text-type compatibility alias -- confirm).
    password_bytes = secret.encode("utf-8") if isinstance(secret, unicode) else secret

    # NOTE: for some reason, FSHP uses pbkdf1 with password & salt reversed.
    #       this has only a minimal impact on security,
    #       but it is worth noting this deviation: the stored salt goes in as
    #       pbkdf1's `secret` and the password goes in as its `salt`.
    return pbkdf1(
        digest=self.checksum_alg,
        secret=self.salt,
        salt=password_bytes,
        rounds=self.rounds,
        keylen=self.checksum_size,
    )
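def derivePassphrase(passphrase):
    """Derive key material from a human-memorable passphrase with PBKDF2-HMAC-SHA256.

    Output length, salt, iteration count and backend are read from the
    module-level names ``outlen``, ``salt``, ``rounds`` and ``backend``.

    The earlier version also ran pbkdf1 over the passphrase and then
    overwrote that result with the PBKDF2 output before returning. The PBKDF1
    call never influenced the return value, so it has been dropped; the
    returned bytes are unchanged.

    Args:
        passphrase: Passphrase bytes handed to ``PBKDF2HMAC.derive``.

    Returns:
        The derived key bytes (``outlen`` bytes long).
    """
    # Stretch the passphrase into key material suitable for a cipher.
    kdf = PBKDF2HMAC(
        algorithm=hashes.SHA256(),
        length=outlen,
        salt=salt,
        iterations=rounds,
        backend=backend,
    )
    return kdf.derive(passphrase)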
def helper(secret=b'secret', salt=b'salt', rounds=1, keylen=1, hash='md5'):
    """Call pbkdf1 with overridable defaults and return whatever it returns.

    Every argument has a default, so a caller can override a single one while
    the rest stay fixed. Arguments are forwarded positionally in the order
    (hash, secret, salt, rounds, keylen).
    """
    derived = pbkdf1(hash, secret, salt, rounds, keylen)
    return derived
passphrase = b'admin123' # 人类可记忆「口令」 # 随机产生盐值,并不需要持久化存储以用于 # 1. 加密算法秘钥的再次延展生成 # 2. 口令散列存储的验证算法 salt = os.urandom(16) print(binascii.hexlify(salt)) algo = 'sha256' rounds = 1000 outlen = 32 # 从人类可记忆「口令」生成面向加密算法用途的「秘钥」 password = pbkdf1(algo, passphrase.decode('latin1'), salt, rounds, keylen=outlen) print(binascii.hexlify(password)) # ref: https://cryptography.io/en/latest/hazmat/primitives/key-derivation-functions/ backend = default_backend() # 扩展秘钥 kdf = PBKDF2HMAC(algorithm=hashes.SHA256(), length=outlen, salt=salt, iterations=rounds, backend=backend) password = kdf.derive(passphrase)
def helper(secret=b"secret", salt=b"salt", rounds=1, keylen=1, hash="md5"):
    """Call pbkdf1 with overridable defaults and return whatever it returns.

    Every argument has a default, so a caller can override a single one while
    the rest stay fixed. Arguments are forwarded positionally in the order
    (hash, secret, salt, rounds, keylen).
    """
    derived = pbkdf1(hash, secret, salt, rounds, keylen)
    return derived