def _verify_from_bytes(self, password, formatted_hash): parsed = self.parse(formatted_hash) hash = pbkdf2( password, parsed.salt, parsed.rounds, len(parsed.hash), parsed.method ) return constant_time_equal(hash, parsed.hash)
def test_constant_time_equal(): # We can't sanely check timing so we just test whether comparision works as # expected. assert constant_time_equal(b"foo", b"foo") assert not constant_time_equal(b"foo", b"bar") assert not constant_time_equal(b"bar", b"foo")
def _verify_from_bytes(self, password, formatted_hash): parsed = self.parse(formatted_hash) hash = hexlify(hmac.new(parsed.salt, password, self._digest).digest()) return constant_time_equal(hash, parsed.hash)
def _verify_from_bytes(self, password, formatted_hash): parsed = self.parse(formatted_hash) return constant_time_equal( bcrypt.hashpw(password, parsed.hash), parsed.hash )
def _verify_from_bytes(self, password, formatted_hash): return constant_time_equal( self.parse(self.create(password)), self.parse(formatted_hash) )