def check_password(self, password):
if not self.password or '$' not in self.password:
return False
salt, digest = self.password.encode('utf8').split('$', 1)
if isinstance(password, unicode):
password = password.encode('utf8')
d = pbkdf2(password, salt, 10000, 32)
if d != digest.decode('base64'):
return False
return True
def test_key(r):
for test_number in range(r[0], r[1]):
test_pin = "%04d" % test_number
#print "testing", test_pin
test_hash = pbkdf2(test_pin, salt, 1000, 20)
print "pin", test_pin, "hash:", binascii.hexlify(test_hash), "key: ", binascii.hexlify(hashKey)
if test_hash == hashKey:
return test_pin
return None
def stretch_passphrase(passphrase, salt=None, iterations=10000, length=16,
output_format='binary'):
"""Stretch a passphrase using pbkdf2
Params:
passphrase (str): Passphrase to be stretched.
Kwargs:
salt (bytes): data to salt with
iterations (int): iterations to use in pbkdf2
length (int): length in bytes of stretched passphrase
output_format (str): return format of binary or base64 encoding
Returns:
stretched passphrase encoded as binary or base64
"""
if salt is None:
# 128 bit salt recommended by NIST
salt = os.urandom(16)
output = pbkdf2(passphrase, salt, iterations, length)
if output_format != 'binary':
output = util.b64encode(output)
return output
def set_password(self, password):
salt = ''.join([random.choice(salt_choices) for _ in xrange(6)])
digest = pbkdf2(password, salt, 10000, 32)
digest = digest.encode('base64').replace('\n', '')
self.password = '******' % (salt, digest)
