def computePSK_hex(ssid, key): """ Compute the PSK for the given SSID and Key. Will return None if the key does not have the necessary length. """ if((len(key)>=8) and (len(key)<=63)): if(QUICK_MODE): return pbkdf2.pbkdf2_hex(key, ssid, 256, 32) else: return pbkdf2.pbkdf2_hex(key, ssid, 4096, 32) else: return None
def computePSK_hex(ssid, key): """ Compute the PSK for the given SSID and Key. Will return None if the key does not have the necessary length. """ if ((len(key) >= 8) and (len(key) <= 63)): if (QUICK_MODE): return pbkdf2.pbkdf2_hex(key, ssid, 256, 32) else: return pbkdf2.pbkdf2_hex(key, ssid, 4096, 32) else: return None
def decrypt_file(password, in_filename, out_filename=None, chunksize=24*1024): if not out_filename: out_filename = os.path.splitext(in_filename)[0] with open(in_filename, 'rb') as infile: signature = infile.read(len(SIGNATURE)) if signature != SIGNATURE: return legacy_decrypt_file(password, in_filename, out_filename, chunksize) with open(in_filename, 'rb') as infile: # signature skip infile.read(len(SIGNATURE)) origsize = struct.unpack('<Q', infile.read(struct.calcsize('Q')))[0] psalt = infile.read(16) key = pbkdf2_hex(password, psalt, PBKDF2_ITERATIONS, PBKDF2_KEYLENGTH) iv = infile.read(16) decryptor = AES.new(key, AES.MODE_CBC, iv) with open(out_filename, 'wb') as outfile: while True: chunk = infile.read(chunksize) if len(chunk) == 0: break outfile.write(decryptor.decrypt(chunk)) outfile.truncate(origsize)
def matches_password(self, password): """ Tests if a password will generate the same hash, meaning the password is the same string used originally to generate the hash. @param password: The password to test. @return: bool """ # To complete this test, we will generate a new hash based on the input # but using this objects other settings (salt, etc). # First, let's make sure we have the required hash function. if self.algorithm not in hashlib.algorithms: # We can't generate a hash to test, so fail. return False keylen = len(self.hash) / 2 hash = pbkdf2.pbkdf2_hex(password, self.salt, hashfunc=getattr(hashlib, self.algorithm), iterations=self.cost, keylen=keylen) return hash == self.hash
def make_password(self, password, salt=None, iterations=None): if not salt: salt = self.generate_salt() if not iterations: iterations = self.iterations hash_val = pbkdf2_hex(password, salt, iterations, hashfunc=self.hashfunc) return '%s$%s$%s$%s' % ('pbkdf2_sha256', iterations, salt, hash_val)
def _GeneratePBKDF2(self, salt): """Compute WPA2 key from a passphrase.""" if self.passphrase is None: return None return pbkdf2.pbkdf2_hex(self.passphrase, salt=salt, iterations=4096, keylen=32)
def hashNsalt(self, password=None, salt=None): if password == None: print 'saltnhash - missing password' return hashed = pbkdf2.pbkdf2_hex(password, salt) return hashed
def check_login(username, password): user = User.query.filter_by(username=username).first() if not user: return False [hexsalt, cmphash] = user.password.split('$') salt = unhexlify(hexsalt) hashed = pbkdf2_hex(str(password), salt) return hashed == cmphash
def make_hash(cls, username, password, iterations=1): if iterations == 1: return hashlib.sha256( cls.make_key(username, password, 1).encode('hex') + password).hexdigest() else: return pbkdf2.pbkdf2_hex( cls.make_key(username, password, iterations), password, 1, 32, hashlib.sha256)
def _hash_pass(password): if not isinstance(password, bytes): password = password.encode('utf8') if HAVE_HASHLIB_PBKDF2: hash = hashlib.pbkdf2_hmac('sha1', password, app.config['SALT'], 1000, 24) return binascii.hexlify(hash).decode('ascii') else: return pbkdf2.pbkdf2_hex(password, app.config['SALT'])
def make_hash(cls, username, password, iterations=1): if iterations == 1: return hashlib.sha256(cls.make_key(username, password, 1).encode('hex') + password).hexdigest() else: return pbkdf2.pbkdf2_hex( cls.make_key(username, password, iterations), password, 1, 32, hashlib.sha256)
def __init__(self, raw): # This should select the strongest algorithm available. self.algorithm = hashlib.algorithms[-1] hashfunc = getattr(hashlib, self.algorithm) self.salt = os.urandom(16).encode('hex') self.cost = 1000 self.hash = pbkdf2.pbkdf2_hex(raw, self.salt, hashfunc=hashfunc, iterations=self.cost)
def generate_pbkdf2_hash(): pwd = generate_password() start_time = time.clock() salt = urandom(16) sha_hash = pbkdf2_hex(pwd, salt, iterations=10000, hashfunc=hashlib.sha256) time_taken = time.clock() - start_time return render_template('index.html', hash_type="PBKDF2-SHA256", password=pwd, hash=sha_hash, duration=time_taken)
def decrypt(self, to_decrypt): """ Decrypts the given string using AES in CBC mode using zero padding. Arguments: - `to_decrypt`: The string being decrypted. """ gen_key = pbkdf2.pbkdf2_hex(self.password, self.salt, 1024, 16) obj = AES.new(self.key, AES.MODE_CBC,IV = self.iv) return obj.decrypt(to_decrypt).rstrip(chr(0))
def make_password(self, password, salt=None, iterations=None): if not salt: salt = self.generate_salt() if not iterations: iterations = self.iterations hash_val = pbkdf2_hex(password, salt, iterations, hashfunc=self.hashfunc, keylen=self.keylen) return '%s$%s$%s$%s' % ('pbkdf2_sha256', iterations, salt, hash_val)
def get_mic(Passphrase, SSID, AP_MAC, STA_MAC, ANonce, SNonce, DATA): A = "Pairwise key expansion\0" B = min(AP_MAC.decode('hex'), STA_MAC.decode('hex')) + max(AP_MAC.decode('hex'), STA_MAC.decode('hex')) + min(ANonce.decode('hex'), SNonce.decode('hex')) + max(ANonce.decode('hex'), SNonce.decode('hex')) psk = pbkdf2.pbkdf2_hex(Passphrase, SSID, 4096, 256)[:64] #只取64字节数据 pmk = psk.decode('hex') #转换为字符串,变成32字节数据,也就是256bits ptk = prf512.prf512(pmk, A, B) mic_key = ptk[0:16] # 注意参数,都是字符串,不是十六进制 mic = hmac.new(mic_key, DATA.decode('hex'), hashlib.sha1).hexdigest()[0:32] #只取前32位 return mic
def hashify(pwd, salt=COMMON_SALT): """ Implements password hasshing according to: - https://issues.apache.org/jira/browse/COUCHDB-1060 - https://issues.apache.org/jira/secure/attachment/12492631/0001-Integrate-PBKDF2.patch This test uses 'candeira:candeira' >>> hashify(candeira) -pbkdf2-99eb34d97cdaa581e6ba7b5386e112c265c5c670,d1d2d4d8909c82c81b6c8184429a0739,10 """ iterations = 10 keylen = 20 derived_key = pbkdf2_hex(pwd, salt, iterations, keylen) return "-pbkdf2-%s,%s,%s" % (derived_key, salt, iterations)
def encrypt(to_encrypt): # TODO: Add initialization vector. hard_key = '768EE18AB6480D53CC8FFCD23D117D57' gen_key = pbkdf2.pbkdf2_hex('password', 'salt', 1024, 16) print gen_key obj = AES.new(gen_key, AES.MODE_CBC,IV = 'C111510372A7A003') BLOCK_SIZE = 16 PADDING = ' ' pad = lambda s: s + (BLOCK_SIZE - len(s) % BLOCK_SIZE) * PADDING to_encrypt = pad(to_encrypt) cipher = obj.encrypt(to_encrypt) return cipher
def hash_password(plaintext, scheme = "pbkdf2"): """ Returns a one-way hash of a password string. plaintext: The password to hash scheme: md5, md5java, pbkdf2 or plain (no hash) """ if scheme is None or scheme == "" or scheme == "plain": return "plain:%s" % plaintext elif scheme == "pbkdf2": PBKDF2_ITERATIONS = 10000 PBKDF2_ALGORITHM = "sha1" salt = base64.b64encode(os.urandom(16)) h = pbkdf2.pbkdf2_hex(plaintext, salt, iterations=PBKDF2_ITERATIONS, hashfunc=getattr(hashlib, PBKDF2_ALGORITHM)) return "pbkdf2:%s:%s:%d:%s" % (PBKDF2_ALGORITHM, salt, PBKDF2_ITERATIONS, h) elif scheme == "md5" or scheme == "md5java": h = hashlib.md5(plaintext).hexdigest() if scheme == "md5java" and h.startswith("0"): h = h[1:] return "%s:%s" % (scheme, h)
def main(): passPhrase = "LINUXZSJ" ssid = "TP-LINK_4F6C90" A = "Pairwise key expansion\0" APmac = "20dce64f6c90".decode('hex') Clientmac = "e0b9a51fe794".decode('hex') ANonce = "3320ced2535ed697d52c272aeea799d4d188a4603142f37a240f8064d7cdf58f".decode('hex') SNonce = "93b0f1cd466efd5f6eb146ffbad9c9c86a74a961539dd3ef3b47f50da5298266".decode('hex') B = min(APmac, Clientmac) + max(APmac, Clientmac) + min(ANonce, SNonce) + max(ANonce, SNonce) psk = pbkdf2.pbkdf2_hex(passPhrase, ssid, 4096, 256)[:64] #只取64字节数据 pmk = psk.decode('hex') #转换为字符串,变成32字节数据,也就是256bits ptk = prf512.prf512(pmk, A, B) #从wireshark取数据时,要把MIC置0,16个字节 data = '02030077fe01c9002000000000000000023320ced2535ed697d52c272aeea799d4d188a4603142f37a240f8064d7cdf58f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018dd160050f20101000050f20201000050f20201000050f202' # ce52ff9185830f6bf2f50e1d59d564b4 print get_mic(data.decode('hex'), ptk)
def __init__(self, password, sock, sockthr): """ Arguments: - `password`: The password typed in from the device. - `salt`: The salt received from the device. - `iv`: The IV received from the device. """ self.password = password self.sock = sock self.salt = base64.b64decode(self.receive()) self.iv = base64.b64decode(self.receive()) self.key = pbkdf2.pbkdf2_hex(self.password, self.salt, 1024, 16) self.send(self.encrypt("Doge!!")) sockthr.set_crypt(self) sockthr.start()
def encrypt(self, to_encrypt): """ Encrypts the given string using AES in CBC mode using zero padding. Arguments: - `to_enrypt`: The string being decrypted. """ gen_key = pbkdf2.pbkdf2_hex(self.password, self.salt, 1024, 16) obj = AES.new(self.key, AES.MODE_CBC,IV = self.iv) BLOCK_SIZE = 16 PADDING = ' ' pad = lambda s: s + (BLOCK_SIZE - len(s) % BLOCK_SIZE) * PADDING to_encrypt = pad(to_encrypt) cipher = obj.encrypt(to_encrypt) return cipher
def verify_password(plaintext, passwordhash): """ Verifies whether or not password "plaintext" hashes to the same value as passwordhash. Hash scheme is auto detected from passwordhash itself. """ if passwordhash.startswith("pbkdf2:"): scheme, algorithm, salt, iterations, phash = passwordhash.split(":") return pbkdf2.pbkdf2_hex(plaintext, salt, iterations=int(iterations), hashfunc=getattr(hashlib, algorithm)) == phash elif passwordhash.startswith("plain:"): return plaintext == passwordhash[passwordhash.find(":")+1:] elif passwordhash.startswith("md5:"): return hash_password(plaintext, "md5") == passwordhash elif passwordhash.startswith("md5java:"): return hash_password(plaintext, "md5java") == passwordhash else: # Fall back to assuming historic undecorated md5 md5py = hashlib.md5(plaintext).hexdigest() md5java = md5py if md5java.startswith("0"): md5java = md5java[1:] return passwordhash == md5py or passwordhash == md5java
def encrypt_file(password, in_filename, out_filename=None, chunksize=64*1024): if not out_filename: out_filename = in_filename + '.enc' psalt = random_salt() key = pbkdf2_hex(password, psalt, PBKDF2_ITERATIONS, PBKDF2_KEYLENGTH) iv = random_salt() encryptor = AES.new(key, AES.MODE_CBC, iv) filesize = os.path.getsize(in_filename) with open(in_filename, 'rb') as infile: with open(out_filename, 'wb') as outfile: outfile.write(SIGNATURE) outfile.write(struct.pack('<Q', filesize)) outfile.write(psalt) outfile.write(iv) while True: chunk = infile.read(chunksize) if len(chunk) == 0: break elif len(chunk) % 16 != 0: chunk += ' ' * (16 - len(chunk) % 16) outfile.write(encryptor.encrypt(chunk))
def default_hasher (data): return pbkdf2_hex (data, '', iterations=50000, keylen=32, hashfunc=hashlib.sha256)
def hash_password(password, salt): from pbkdf2 import pbkdf2_hex return pbkdf2_hex(password, salt, config.PBKDF2Iterations)
def set_password(self, password): salt = os.urandom(16) hashed = pbkdf2_hex(str(password), salt) self.password = hexlify(salt) + '$' + hashed
def _GeneratePBKDF2(self, salt): """Compute WPA2 key from a passphrase.""" if self.passphrase is None: return None b = bytearray(self.passphrase, encoding='ascii', errors='ignore') return pbkdf2.pbkdf2_hex(b, salt=salt, iterations=4096, keylen=32)
def decrypt(to_decrypt): # TODO: Add initialization vector. hard_key = '768EE18AB6480D53CC8FFCD23D117D57' gen_key = pbkdf2.pbkdf2_hex('password', 'salt', 1024, 16) obj = AES.new(gen_key, AES.MODE_CBC,IV = 'C111510372A7A003') return obj.decrypt(to_decrypt)
def calculate_key(password, salt, iterations=50000): return pbkdf2_hex(password, salt, iterations, keylen=128, hashfunc=hashlib.sha512)
def hash_pwd(pwd_text): salt = "AF6FD01D57DD3DD71EAAAE2C225B1AD740FAADD575B6D68D6A3507D4DC8D9AD8" return pbkdf2.pbkdf2_hex(pwd_text.encode('utf-8'), salt)
def _hash_pass(password): if isinstance(password, unicode): password = password.encode('utf8') return pbkdf2.pbkdf2_hex(password, app.config['SALT'])
with open(inputfile, 'rb') as f: content = f.read() print(binascii.hexlify(content)) print ' ' print "####### Hash ... " # Sha512 hashd = hashlib.sha512(content).hexdigest() print hashd # Split hash in Two... pw,salt = splitStringInTwo(hashd) # PBKDF2 the hash pbkdfOut = pbkdf2_hex(pw,salt,keylen=len(content)) print ' ' print "####### pbkdfOut ... " print pbkdfOut # ... Split the output key,iv = splitStringInTwo(pbkdfOut) # Setup cipher with key = first half[:32] of pbkdf2, and IV = second part[:16] cipher = AES.new(key[:32], AES.MODE_CBC, iv[:16]) # Encrypt outCipher = cipher.encrypt(content).encode('hex') print ' '
def PYoldPbkdf2(data): salt = window.Parley.currentUser.attributes.email + '10620cd1fe3b07d0a0c067934c1496593e75994a26d6441b835635d98fda90db' return pbkdf2.pbkdf2_hex(data, salt.lower(), 2048, 32)
def _check(self, data, salt, iterations, keylen, expected): rv = pbkdf2_hex(data, salt, iterations, keylen) self.assertEqual(rv, expected)
def encrypt_password(plaintext, salt, rounds=5000): plaintext = plaintext.encode('utf-8') hex = pbkdf2_hex(plaintext, salt, rounds) return '{0}:{1}'.format(rounds, hex)