def _pl_salted_sha512_pbkdf2_from_string(strvalue, salt_bin=None, iterations=1000): ''' Create a PBKDF2-SHA512 hash with a 128 byte key length. The standard passlib.hash.pbkdf2_sha512 functions assume a 64 byte key length which does not match OSX's implementation. :param strvalue: The string to derive the hash from :param salt: The (randomly generated) salt :param iterations: The number of iterations, for Mac OS X it's normally between 23000-25000? need to confirm. :return: (binary digest, binary salt, number of iterations used) ''' if salt_bin is None: salt_bin = os.urandom(32) key_length = 128 hmac_sha512, dsize = pbkdf2.get_prf("hmac-sha512") digest_bin = pbkdf2.pbkdf2(strvalue, salt_bin, iterations, key_length, hmac_sha512) return digest_bin, salt_bin, iterations
import re import logging; log = logging.getLogger(__name__) from warnings import warn # site # pkg from passlib.utils import classproperty, h64, safe_crypt, test_crypt from passlib.utils.compat import b, bytes, u, uascii_to_str, unicode from passlib.utils.pbkdf2 import get_prf import passlib.utils.handlers as uh # local __all__ = [ ] #============================================================================= # sha1-crypt #============================================================================= _hmac_sha1 = get_prf("hmac-sha1")[0] _BNULL = b('\x00') class sha1_crypt(uh.HasManyBackends, uh.HasRounds, uh.HasSalt, uh.GenericHandler): """This class implements the SHA1-Crypt password hash, and follows the :ref:`password-hash-api`. It supports a variable-length salt, and a variable number of rounds. The :meth:`~passlib.ifc.PasswordHash.encrypt` and :meth:`~passlib.ifc.PasswordHash.genconfig` methods accept the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, an 8 character one will be autogenerated (this is recommended). If specified, it must be 0-64 characters, drawn from the regexp range ``[./0-9A-Za-z]``.