def createToken(username=''): salthex = binascii.unhexlify(salt) tokenpepper = username.encode('utf-8') saltpepper = str(datetime.datetime.now()).encode('utf-8') pepper = pbkdf2_hmac(hf_name_pepper, tokenpepper, saltpepper, iterations_pepper, dksize_pepper) key = pbkdf2_hmac(hf_name, pepper, salthex, iterations, dksize) token = binascii.hexlify(key) return token.decode('utf-8')
def hashpassword(username='', password=defaultpass): salthex = binascii.unhexlify(salt) password = password.encode('utf-8') saltpepper = username.encode('utf-8') pepper = pbkdf2_hmac(hf_name_pepper, password, saltpepper, iterations_pepper, dksize_pepper) key = pbkdf2_hmac(hf_name, pepper, salthex, iterations, dksize) password = binascii.hexlify(key) return password.decode('utf-8')
def load(password, representation, trustedDataCheck): salt = Keychain.get_salts()[trustedDataCheck].encode("ISO-8859-1") secret_password = Keychain.get_passwords()[trustedDataCheck].encode( "ISO-8859-1") derived_password = pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50000, 64) if trustedDataCheck: try: if Keychain.hmac_sha256( msg=representation, key=derived_password) != trustedDataCheck: raise CorruptError except CorruptError: print("=" * 50) print("=" * 50) print('\nThe representation was corrupted\n') print("=" * 50) return False, None # Verificar si la contrase;a es valida para la representacion(keys) if derived_password == secret_password: keychain = Keychain.objects.create(salt=salt) keychain.derived_password = derived_password for name, value in representation.items(): decrypted = Keychain.decrypt_AES_GCM( (bytes.fromhex(value[0]), bytes.fromhex(value[1]), bytes.fromhex(value[2])), derived_password[:32]) keychain.loadKey(name, decrypted.decode("utf-8")) return True, keychain return False, None
def login(request): user = request.POST.get ('user', False) pswd = request.POST.get('pswd', False) if request.user.is_authenticated: if request.user.is_active: return redirect("index") # Salted password SRM size = 10 salt = os.urandom(size) if user is not False and pswd is not False: pass_key = pbkdf2_hmac("sha256", pswd, salt, 50000, 32) pass_key = AESCipher.encrypt(pass_key) # Salted password SRM try: twitter_login = user.social_auth.get(provider='twitter') except UserSocialAuth.DoesNotExist: twitter_login = None except AttributeError: twitter_login = None template = loader.get_template('magiclink/login_ml.html') if twitter_login is None and user is not False and pswd is not False: user = authenticate(request, username=user, password=pass_key) posts = Post.objects.all().order_by('-post_timestamp') posts_and_likes = [(post, len(Like.objects.filter(post_id=post))) for post in posts] context = {'twitter_login': twitter_login, 'posts': posts, 'posts_and_likes': posts_and_likes, 'user_details': user} return HttpResponse(template.render(context, request))
def init(password): salt = os.urandom(64) keychain = Keychain.objects.create(salt=salt) keychain.derived_password = pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50000, 64) return keychain
def post_signup(request): if request.method == 'POST': username = request.POST["username"] email = request.POST["email"] password = request.POST["psw"] confirmation = request.POST["psw-repeat"] if password != confirmation: return render(request, "rambleapp/signup_in.html", {"message": "Passwords must match."}) # Salted password SRM #password = bytes(password, 'utf-8') if not type(password) == bytes: password = password.encode() size = 10 salt = os.urandom(size) pass_key = pbkdf2_hmac("sha256", password, salt, 50000, 32) pass_key = str(pass_key) #print(type(pass_key)) #pass_key = unicode(pass_key, errors='ignore') #pass_key = pass_key.encode("utf8","ignore") #pass_key = to_bytes(pass_key.encode('utf-8')) #try: # pass_key = pass_key.decode() # print("Here") #except (UnicodeDecodeError, AttributeError): # print("Error") # pass key = 'Store login securely' key = generate_secret_key(key) cipher = AESCipher(key) encrypt_text = cipher.encrypt(pass_key) print(encrypt_text) assert pass_key != encrypt_text #pass_key = cipher.encrypt(plain_text=pass_key) # Salted password SRM try: user = Auth_User.objects.create_user( username, email, encrypt_text) #Salted password SRM user.save() except IntegrityError as e: print(e) return render(request, "rambleapp/signup_in.html", {"message": "Email address already taken."}) user = authenticate(request, username=username, password=encrypt_text) #Salted password SRM if user is not None: auth_login(request, user, backend="django.contrib.auth.backends.ModelBackend") #user = Auth_User.objects.get(username=username).pk #form = ProfileForm(request.POST, request.FILES) #template = loader.get_template('rambleapp/make_profile.html') #context = {} #return HttpResponse(template.render(context, request)) return redirect(make_profile) return HttpResponseForbidden('allowed only via POST')
def _hash_password(self, password): """ Метод шифрования пароля """ pwd = password.encode('utf-8') salt = bytes(self._salt) buff = pbkdf2_hmac('sha512', pwd, salt, iterations=100000) return bytes(buff)
def key_creation(self, password): self.db_name = db_name # let DB_Con try to connect to the database # if it fails, it is likely that the file is encrypted # salt = binascii.unhexlify(os.urandom(128)) salt = b'\xacwS\xd5\xa9\x95\x80\x10\x0cJ\x99\r\x0f\x90\xa5\xf7,\xe8f\xb8\x8a\x8b\xees\x98\x1e\x82}d\x05c\xa8_\x91\xa9(q\xf8?\x87"!\xc7\x87\x8d\\\x95&\xc1F6\x0b\xf2&\xcb-\x1ct\x7f\xdf\\\x86\x91w\x9a~Y\xacg\xa0\xc7\xda\x05\x81\xa3\x81\xfa\xee\xd3h\xa3f\x93V$ \x92\xa6\x8c\x8b68iu`\x15\x00\xcf\x0e`\xaaA\xc9q\xc3\xedCN\xeb\xc4/\xb33]G\x11\x81\xb2\xf6\x98b\x0f\xb5\x0b\xca\xe5\xdb\xf5' key = pbkdf2_hmac("sha256", str.encode(password), salt, 100000, 16) pdb.set_trace() self.cipher = AES.new(key, AES.MODE_EAX) print(key)
def generate_PBKDF2_key( password, salt="CISCOTHEBOSS", iteration=10000, length=512 ): #Generates the key to encrypt and decrypt data using the XOR algorithm. password = password.encode() salt = salt.encode() return binascii.hexlify( pbkdf2_hmac("sha256", password, salt, iteration, length)).decode("utf8")
def ba_password_hashing(password_str, salt): """ Create SHA256 hash from given password, using given salt. Will return hash as a hex string. """ dk = pbkdf2_hmac( 'sha256', bytes(password_str), bytes(salt), (100 * 1000) ) return binascii.hexlify(dk)
def genKeyPairFromSeed(seed: str) -> tuple: """ Generate a Public key, Private Key pair from the seed using Ed25519 Algorithm Args: seed(str): Any random seed can be used. Make sure to remember the seed so that you can re-generate the public and private keys if your ever lose them. Returns: public_key(bytes), private_key(bytes): Both are public_key and private_keys. """ if not isinstance(seed, str): raise Exception("The seed value has to be a string") seed = seed.encode("utf-8") key = pbkdf2_hmac("sha256", seed, b"", 1000, 32) return nacl.bindings.crypto_sign_seed_keypair(key)
def load(self, password, representation, trustedDataCheck): isload = True password = password.encode("utf8") pass_check = pbkdf2_hmac('sha256', password, self.salt, 100000 + 500 * self.it, 32) main_pass = get_mainpass() # print(pass_check) # print(main_pass) if pass_check != main_pass: isload = False if trustedDataCheck != None and isload == True: trusted_sha256 = sha256_Hmac(mensaje=representation, llave=self.pass_pbkdf2) if trustedDataCheck != trusted_sha256: isload = False return isload
def init(self, password): #verifica el si existe la db para consultar el salt, sino crea el salt y lo guarda isnew = False if os.path.isfile(db_file): self.salt = get_salt() isnew = False else: self.salt = os.urandom(64) save_salt(self.salt) isnew = True self.it = int(len(self.salt) * len(password) % 2) # pbkdf2 password = password.encode("utf8") self.pass_pbkdf2 = pbkdf2_hmac('sha256', password, self.salt, 100000 + 500 * self.it, 32) if isnew: save_main(self.pass_pbkdf2)
def type8(): valid_pwd = False while not valid_pwd: try: pwd = pwd_input() except KeyboardInterrupt: sys.exit(0) else: if (pwd_check(pwd)): # Create random salt (Cisco use 14 characters from custom B64 table) salt_chars=[] for _ in range(14): salt_chars.append(random.choice(cisco_b64chars)) salt = "".join(salt_chars) # Create the hash hash = pbkdf2_hmac("sha256", pwd.encode(), salt.encode(), 20000, 32) # Convert the hash from Standard Base64 to Cisco Base64 hash = base64.b64encode(hash).decode().translate(b64table)[:-1] # Print the hash in the Cisco IOS CLI format print( '\n' + f"Your Cisco Type 8 password hash is: $8${salt}${hash}") valid_pwd = True
def _hash_password(self, password): """Hashes the provided password using the pbkdf2 algorithm.""" pwd = password.encode('utf-8') salt = bytes(self._salt) buff = pbkdf2_hmac('sha512', pwd, salt, iterations=100000) return bytes(buff)
def _hi(data, salt, iterations): return pbkdf2_hmac('sha1', data, salt, iterations)
def _hash_password(self, password): pwd = password.encode("utf-8") salt = bytes(self._salt) buff = pbkdf2_hmac("sha512", pwd, salt, iterations=100000) return bytes(buff)
def _hash_password(self, password): pwd = password.encode("utf-8") salt = bytes(self._salt) rounds = current_app.config.get("HASH_ROUNDS", 100000) buff = pbkdf2_hmac("sha512", pwd, salt, iterations=rounds) return bytes(buff)
#Jorge Azmitia 15202 #PBKDF2 import os, binascii from backports.pbkdf2 import pbkdf2_hmac ans = True while ans: print(""" 1.Generate a key 2.Exit/Quit """) ans = input("Seleccione una opcion: ") if ans == "1": password = input("Ingrese un password: "******"utf8") iteraciones = input("Ingrese numero de iteraciones que desea hacer") key = pbkdf2_hmac("sha256", passwd, salt, int(iteraciones), 32) print("Derived key:", binascii.hexlify(key)) elif ans == "2": print("\n Gracias por utilizar el programa") exit()
def _hi(data, salt, iterations, digestmod): return pbkdf2_hmac(digestmod().name, data, salt, iterations)
def crack(self): entries = {"clear": [], "vault": []} xml = ET.parse(self.xml_path).getroot( ) #PARSE XML FOR READING SALT,HASH AND MASTERKEY conn = sqlite3.connect(self.db_path) #READ SQLITE DATABASE c = conn.cursor() for entry in c.execute( 'SELECT * FROM entry'): #GET ALL ENTRIES FROM DATABASE try: base64.b64decode( entry[2] ) #IF ENTRY CONTENT IS BASE64 ---> THAT MEANS IT'S ENCRYPTED entries["vault"].append(entry) #MOVE ENTRY TO VAULT except: entries["clear"].append( entry) #IF ENTRY IS NOT BASE64 ---> IT IS PUBLIC xml_content = {} for child in xml: xml_content[child.attrib["name"]] = child.text #READ XML hash = xml_content["hash"] #GETTING HASH masterkey = xml_content["masterkey"] #GETTING ENCRYPTED MASTERKEY salt = base64.b64decode( xml_content["salt"]) #GETTING SALT (AND DECODE IT ) clef = base64.b64decode( hash ) #GETTING KEY AND DECODE IT (WITH THIS KEY, WE DON'T NEED ANY PASSWORD), FOR MORE DETAILS, CHECK VERIFY_PASSWORD FUNCTION. mdo = self.decrypt( masterkey, clef ) #GETTING MDO ( LOOK IN THE DIAGRAM ), BY DECODING XML MASTERKEY WITH THE KEY ( DECODED HASH ) encrypted_len = len( entries["vault"] ) #CALCULATING NUMBER OF ENCRYPTED ENTRIES ( JUST FOR VISUAL ) mdo = mdo.decode("utf-8").replace("\x0c", "").encode( "utf-8") #REMOVE MDO GARBAGE masterKey = pbkdf2_hmac("sha1", mdo, salt, 1000, 32) #GETTING DECRYPTED MASTERKEY BY USING MDO for entry in entries["vault"]: encryptedTitle = entry[1] #GETTING ENCRYPTED TITLE encryptedContent = entry[2] #GETTING ENCRYPTED CONTENT decryptedTitle = self.decrypt( encryptedTitle, masterKey).decode().replace( "\r", "") #DECRYPT TITLE AND REMOVE GARBAGE decryptedContent = self.decrypt( encryptedContent, masterKey).decode().replace( "\r", "") #DECRYPT CONTENT AND REMOVE GARBAGE entry = list(entry) #CONVERT TUPLE TO LIST FOR EDIT VALUES decryptedContent = ''.join([ x for x in decryptedContent if x in string.printable ]) #REMOVE SOME GARBAGE decryptedTitle = ''.join([ x for x in decryptedTitle if x in string.printable ]) #REMOVE SOME GARBAGE entry[ 1] = decryptedTitle #REPLACE ENCRYPTED TITLE BY DECRYPTED TITLE entry[ 2] = decryptedContent #REPLACE ENCRYPTED CONTENT BY DECRYPTED CONTENT #And below it is the results display code if args.vaultonly == False: entries["clear"].append(tuple(entry)) else: decryptedContent = json.loads(decryptedContent) print("{} : ".format(decryptedTitle)) for item in decryptedContent: print(item["text"] + " ---------> " + str("Checked" if item["checked"] else "Not checked")) if args.vaultonly == False: i = 1 print("############## CLEAR ####################\n") for entry in entries["clear"]: if i > (len(entries["clear"]) - encrypted_len): print("\n############## VAULT ####################\n") content = json.loads(entry[2]) print("{} : ".format(entry[1]) + "\n") for item in content: print("\t" + item["text"] + " ---------> " + str("Checked" if item["checked"] else "Not checked")) i += 1
from backports.pbkdf2 import pbkdf2_hmac import binascii, time salt = binascii.unhexlify('aaef2d3f4d77ac66e9c5a6c3d8f921d1') password = '******'.encode('utf-8') start_time = time.time() key = pbkdf2_hmac('sha256', password, salt, 50000, 32) end_time = time.time() print('Derived key:', binascii.hexlify(key)) print('Excution time: %s Seconds', end_time - start_time)
def _hash_password(self, password): rounds = current_app.config.get("HASH_ROUNDS", 100000) buff = pbkdf2_hmac("sha512", pwd, salt, iterations=rounds)
def hash_password(token, password): return binascii.hexlify( pbkdf2_hmac('sha512', password, token['accessToken'], 128000))
def digest(password, salt): password = str(password) salt = str(salt) return pbkdf2_hmac('sha256', password, salt, 100000)
rsa_public_key = PKCS1_OAEP.new(rsa_public_key) encrypted_text = rsa_public_key.encrypt(message) #encrypted_text = b64encode(encrypted_text) print('your rsa encrypted_text is : {}'.format(encrypted_text)) rsa_private_key = RSA.importKey(private_key) rsa_private_key = PKCS1_OAEP.new(rsa_private_key) decrypted_text = rsa_private_key.decrypt(encrypted_text) print('your rsa decrypted_text is : {}'.format(decrypted_text)) #to hash using pbkdf2 salt = binascii.unhexlify('aaef2d3f4d77ac66e9c5a6c3d8f921d1') passwd = pass1.encode("utf8") key = pbkdf2_hmac("sha256", passwd, salt, 50000, 32) pbkkey = binascii.hexlify(key) print("Derived key:", pbkkey) #creating the signature using rsa and pbkdf2 key = encrypted_text + pbkkey print(key) #to combine images into a video image_folder = 'd:/deep/data' video_name = 'video.avi' images = [img for img in os.listdir(image_folder) if img.endswith(".png")] #sorts images based on order images.sort(key=lambda x: int(''.join(filter(str.isdigit, x)))) print(images)
def generate_derivation(password): slt = binascii.unhexlify(''.join( [choice(string.hexdigits) for x in range(32)])) key = pbkdf2_hmac('sha256', str.encode(password), slt, 100000, 32) return binascii.hexlify(key).decode('utf-8')
import binascii from backports.pbkdf2 import pbkdf2_hmac salt_str = 'aaef2d3f4d77ac66e9c5a6c3d8f921d1' salt = binascii.unhexlify(salt_str) passwd = 'Esta es la clave a proteger'.encode('utf8') key = pbkdf2_hmac('sha256', passwd, salt, 50000, len(salt_str)) print(f'Derived key: {binascii.hexlify(key).decode("utf8")}')
def hash(password): salt = os.urandom(8) key = pbkdf2_hmac("sha256",password.encode("utf-8"),salt,80000,32) return {"key": key, "salt": salt}
def generateid(name): passwd = name.encode("utf8") key = pbkdf2_hmac("sha256", passwd, passwd, 50000, 8) return jsonify({'id': binascii.b2a_hex(key).decode("utf-8")})