def _verify_from_bytes(self, password, formatted_hash):
parsed = self.parse(formatted_hash)
hash = pbkdf2(
password,
parsed.salt,
parsed.rounds,
len(parsed.hash),
parsed.method
)
return constant_time_equal(hash, parsed.hash)
def test_constant_time_equal():
# We can't sanely check timing so we just test whether comparision works as
# expected.
assert constant_time_equal(b"foo", b"foo")
assert not constant_time_equal(b"foo", b"bar")
assert not constant_time_equal(b"bar", b"foo")
def _verify_from_bytes(self, password, formatted_hash):
parsed = self.parse(formatted_hash)
hash = hexlify(hmac.new(parsed.salt, password, self._digest).digest())
return constant_time_equal(hash, parsed.hash)
def _verify_from_bytes(self, password, formatted_hash):
parsed = self.parse(formatted_hash)
return constant_time_equal(
bcrypt.hashpw(password, parsed.hash),
parsed.hash
)
def _verify_from_bytes(self, password, formatted_hash):
return constant_time_equal(
self.parse(self.create(password)),
self.parse(formatted_hash)
)
