def register(self, login, password): if (login == '' or password == ''): return 2 try: #On se connecte à la boîte à monsieurs conn = psycopg2.connect( "dbname=puissance5 user=puissance5 password=Disco<3") #On vérifie que le monsieur n'est pas déjà dans la boîte cur = conn.cursor() cur.execute("SELECT * FROM users WHERE login=%s;", (login, )) if cur.rowcount: return 1 #Le monsieur n'est pas dans la boîte, on commence par hacher son mot de passe avec un algo overkill : PBKDF2_SHA1 hash = pbkdf2_sha1.encrypt(password) #On met le monsieur dans la boîte cur.execute("INSERT INTO users (login, password) VALUES (%s, %s);", (login, hash)) conn.commit() cur.close() conn.close() except Exception as e: print("Echec de la création du nouvel utilisateur : \n", e) return 3 return 0
def register(self, login, password): if (login == '' or password == ''): return 2 try: #On se connecte à la boîte à monsieurs conn = psycopg2.connect("dbname=puissance5 user=puissance5 password=Disco<3") #On vérifie que le monsieur n'est pas déjà dans la boîte cur = conn.cursor() cur.execute("SELECT * FROM users WHERE login=%s;", (login,)) if cur.rowcount: return 1 #Le monsieur n'est pas dans la boîte, on commence par hacher son mot de passe avec un algo overkill : PBKDF2_SHA1 hash = pbkdf2_sha1.encrypt(password) #On met le monsieur dans la boîte cur.execute("INSERT INTO users (login, password) VALUES (%s, %s);", (login, hash)) conn.commit() cur.close() conn.close() except Exception as e: print("Echec de la création du nouvel utilisateur : \n", e) return 3 return 0
def new(password, server=defaultServer, clientId=None, username="******"): """ Encrypts a new @password by interacting with the Pythia service. @clientId: If specified, this value is used. If omitted, a suitable value is selected. @returns a tuple of required values to verify the password: (w,t,z,p) where: @w: client ID (key selector) @t: tweak (randomly generated user ID) @z: protected passwords @p: server public key bound to clientId - used to verify future proofs from this server. """ # Set the client ID if not clientId: w = secureRandom() else: w = clientId if ersatzHash == True: ersatzPw = "ersatz" ersatzHashGen = ersatzlib.ErsatzHashGenerator(hash.pbkdf2_sha1,\ username, password, \ ersatzPw, rounds=5000) #create ersatz salt t = ersatzHashGen._compute_ersatz_salt(password, ersatzPw) ersatzHashGen.salt = t a = ersatzHashGen._compute_ersatz_hash(password) a = passlib.utils.ab64_decode(a) #create ersatz input ersatzInput = ersatzHashGen._ersatzfy_input(password) z, p = query(ersatzInput, w, t, server) z = vpop.wrap( pyrelic.vpop.update(vpop.unwrapY(z), long(a.encode('hex'), 16))) #do the Z^a nonsense, where a is the pbkdf2 else: t = secureRandom() hashedPW = pbkdf2_sha1.encrypt(password, salt=t, rounds=5000) z, p = query(hashedPW, w, t, server) z = vpop.wrap( pyrelic.vpop.update(vpop.unwrapY(z), long(hashedPW.encode('hex'), 16))) #t = secureRandom() #z,p = query(password, w, t, server) return w, t, z, p
def hash_password(username, password): count = 0 salt = '' for char in username: # every second character is added to salt if count % 2 == 0: salt += char count += 1 salt = bytes(salt) hashed_password = pbkdf2_sha1.encrypt( password, salt=salt, ) return hashed_password
def check(password, w, t, z, p, server=defaultServer, username="******"): """ Checks an existing @password against the Pythia server using the values (w,t,z,p). @returns: True if the password passes authentication; False otherwise. """ if ersatzHash: ersatzHashGen = ersatzlib.ErsatzHashGenerator(hash.pbkdf2_sha1,\ username, password, \ "ersatz", rounds=5000) ersatzHashGen.salt = t ersatzInput = ersatzHashGen._ersatzfy_input(password) #check true password zPrime1, _ = query(ersatzInput, w, t, previousPubkey=p, server=server) zPrime2, _ = query(password, w, t, previousPubkey=p, server=server) #create ersatz salt a = passlib.utils.ab64_decode( ersatzHashGen._compute_ersatz_hash(password)) zPrime1 = vpop.wrap( pyrelic.vpop.update(vpop.unwrapY(zPrime1), long(a.encode('hex'), 16))) a = passlib.utils.ab64_decode( hash.pbkdf2_sha1.encrypt(password, salt=t, rounds=5000)) zPrime2 = vpop.wrap( pyrelic.vpop.update(vpop.unwrapY(zPrime2), long(a.encode('hex'), 16))) if z == zPrime1: return 1 elif z == zPrime2: return 2 else: return 0 #check ersatz password else: hashedPW = pbkdf2_sha1.encrypt(password, salt=t, rounds=5000) zPrime, _ = query(hashedPW, w, t, previousPubkey=p, server=server) zPrime = vpop.wrap( pyrelic.vpop.update(vpop.unwrapY(zPrime), long(hashedPW.encode('hex'), 16))) #zPrime,_ = query(password, w, t, previousPubkey=p, server=server) return z == zPrime
def new(password, server=defaultServer, clientId=None, username="******"): """ Encrypts a new @password by interacting with the Pythia service. @clientId: If specified, this value is used. If omitted, a suitable value is selected. @returns a tuple of required values to verify the password: (w,t,z,p) where: @w: client ID (key selector) @t: tweak (randomly generated user ID) @z: protected passwords @p: server public key bound to clientId - used to verify future proofs from this server. """ # Set the client ID if not clientId: w = secureRandom() else: w = clientId if ersatzHash == True: ersatzPw = "ersatz" ersatzHashGen = ersatzlib.ErsatzHashGenerator(hash.pbkdf2_sha1,\ username, password, \ ersatzPw, rounds=5000) #create ersatz salt t = ersatzHashGen._compute_ersatz_salt(password,ersatzPw) ersatzHashGen.salt = t a = ersatzHashGen._compute_ersatz_hash(password) a = passlib.utils.ab64_decode(a) #create ersatz input ersatzInput = ersatzHashGen._ersatzfy_input(password) z,p = query(ersatzInput, w, t, server) z = vpop.wrap(pyrelic.vpop.update(vpop.unwrapY(z), long(a.encode('hex'),16))) #do the Z^a nonsense, where a is the pbkdf2 else: t = secureRandom() hashedPW = pbkdf2_sha1.encrypt(password, salt=t, rounds=5000) z,p = query(hashedPW, w, t, server) z = vpop.wrap(pyrelic.vpop.update(vpop.unwrapY(z), long(hashedPW.encode('hex'),16))) #t = secureRandom() #z,p = query(password, w, t, server) return w, t, z, p
def check(password, w, t, z, p, server=defaultServer, username="******"): """ Checks an existing @password against the Pythia server using the values (w,t,z,p). @returns: True if the password passes authentication; False otherwise. """ if ersatzHash: ersatzHashGen = ersatzlib.ErsatzHashGenerator(hash.pbkdf2_sha1,\ username, password, \ "ersatz", rounds=5000) ersatzHashGen.salt = t ersatzInput = ersatzHashGen._ersatzfy_input(password) #check true password zPrime1,_ = query(ersatzInput, w, t, previousPubkey=p, server=server) zPrime2,_ = query(password, w, t, previousPubkey=p, server=server) #create ersatz salt a = passlib.utils.ab64_decode(ersatzHashGen._compute_ersatz_hash(password)) zPrime1 = vpop.wrap(pyrelic.vpop.update(vpop.unwrapY(zPrime1), long(a.encode('hex'),16))) a = passlib.utils.ab64_decode(hash.pbkdf2_sha1.encrypt(password, salt=t, rounds=5000)) zPrime2 = vpop.wrap(pyrelic.vpop.update(vpop.unwrapY(zPrime2), long(a.encode('hex'),16))) if z == zPrime1: return 1 elif z == zPrime2: return 2 else: return 0 #check ersatz password else: hashedPW = pbkdf2_sha1.encrypt(password, salt=t, rounds=5000) zPrime,_ = query(hashedPW, w, t, previousPubkey=p, server=server) zPrime = vpop.wrap(pyrelic.vpop.update(vpop.unwrapY(zPrime), long(hashedPW.encode('hex'),16))) #zPrime,_ = query(password, w, t, previousPubkey=p, server=server) return z == zPrime
def register(self, login, password): #On vérifie qu'il a bien entré des informations valides if (login == '' or password == ''): return 2 try: #On obtient le verrou pour éviter les accès concurrents à la base de données self.lock.acquire() #On se connecte à la base de données conn = psycopg2.connect("dbname=puissance5 user=puissance5 password=Disco<3") #On vérifie que l'utilisateur n'existe pas déjà cur = conn.cursor() cur.execute("SELECT * FROM users WHERE login=%s;", (login,)) if cur.rowcount: #L'utilisateur existe déjà self.lock.release() return 1 #L'utilisateur n'est pas dans la BDD, on commence par hacher son mot de passe avec un algo overkill : PBKDF2_SHA1 hash = pbkdf2_sha1.encrypt(password) #On ajoute l'utilisateur à la base de données cur.execute("INSERT INTO users (login, password) VALUES (%s, %s);", (login, hash)) conn.commit() cur.close() conn.close() self.lock.release() except Exception as e: self.lock.release() print("Echec de la création du nouvel utilisateur : \n", e) return 3 return 0