def test_valid_password(self):
dummy_password = dummy_salt_input = \
"http://blog.transparency.org/wp-content/uploads/2010/05/A2_Whistelblower_poster.jpg"
dummy_salt = get_salt(dummy_salt_input)
hashed_once = binascii.b2a_hex(scrypt.hash(dummy_password, dummy_salt))
hashed_twice = binascii.b2a_hex(scrypt.hash(dummy_password, dummy_salt))
self.assertTrue(hashed_once, hashed_twice)
self.assertTrue(check_password(dummy_password, hashed_once, dummy_salt_input))
def hash_pw(password, salt):
if type(password) != bytes:
password = bytes(password, 'utf-8')
if debug:
h = scrypt.hash(password, salt, N=2 ** 4, p=1, r=1, dkLen=buflen)
else:
h = scrypt.hash(password, salt, N=N, p=p, r=r, buflen=buflen)
return h
def _decrypt_ec_multiply(k_buffer, passphrase):
if passphrase is None or passphrase == '':
raise ValueError("Passphrase must not be empty.")
prefix = k_buffer[0:1]
flagbyte = k_buffer[1:2]
ls_numbers = False
if ''.join(chr(ord(c)&ord(k)) for c,k in izip(flagbyte, '\x04')) == '\x04':
ls_numbers = True
ls, = unpack('>I', k_buffer[10:14])
lot = ls / 4096
sequence = ls - (lot*4096)
salt = k_buffer[6:10]
else:
salt = k_buffer[6:14]
address_hash = k_buffer[2:6]
ownerentropy = k_buffer[6:14]
prefactor = scrypt.hash(passphrase, salt, N=16384, r=8, p=8, buflen=32)
if ls_numbers is True:
passfactor = SHA256.new(SHA256.new(prefactor+ownerentropy).digest()).digest()
else:
passfactor = prefactor
passpoint = Bip38._compute_passpoint(passfactor)
derived = scrypt.hash(passpoint, address_hash + ownerentropy, N=1024, r=1, p=1, buflen=64)
derived_half1 = derived[:32]
derived_half2 = derived[32:64]
cipher = AES.new(derived_half2)
decrypted_half2 = Bip38.xor_zip(cipher.decrypt(k_buffer[22:22+16]), derived_half1[16:32])
ep12 = decrypted_half2[0:8]
decrypted_half1 = Bip38.xor_zip(cipher.decrypt(k_buffer[14:14+8] + ep12), derived_half1[:16])
seedb = decrypted_half1[0:16] + decrypted_half2[8:16]
factorb = SHA256.new(SHA256.new(seedb).digest()).digest()
r = ssl.BN_new()
pf = ssl.BN_bin2bn(passfactor, 32, ssl.BN_new())
fb = ssl.BN_bin2bn(factorb, 32, ssl.BN_new())
NID_secp256k1 = 714
k = ssl.EC_KEY_new_by_curve_name(NID_secp256k1)
group = ssl.EC_KEY_get0_group(k)
ctx = ssl.BN_CTX_new()
ssl.BN_CTX_start(ctx)
order = ssl.BN_CTX_get(ctx)
if ssl.EC_GROUP_get_order(group, order, ctx) == 0:
raise Exception('Error in EC_GROUP_get_order()')
ssl.BN_mod_mul(r, pf, fb, order, ctx)
ssl.BN_CTX_free(ctx)
pkey = CKey()
final = ctypes.create_string_buffer(32)
ssl.BN_bn2bin(r, final)
pkey.generate(secret=final)
return pkey.get_secret()
def hash(password, salt):
"""The hash function you want to call."""
k0 = scrypt.hash(password, salt, 512, 4, 8, 48)
debug("k0", k0)
rng = prng.AESCTR(k0[:32], k0[32:])
b = run_brainfuck(rng)
k1 = scrypt.hash(b, salt, 512, 4, 8, 32)
debug("k1", k1)
key = scrypt.hash(k1 + password, salt, 512, 4, 8, 32)
debug("key", key)
return key
def intermediate_code(password,useLotAndSequence=False,lot=100000,sequence=1, \
owner_salt=os.urandom(8)):
'''
Generates an intermediate code, as outlined by the BIP0038
wiki, found at:
https://github.com/bitcoin/bips/blob/master/bip-0038.mediawiki
Output is a string, beginning with 'passphrase'. Lot and
sequence inputs are ints. Even though the Lot range is only
recommended to be in the range 100000-999999, that
recommendation is enforced in this code. Sequence is in the
range 0-4095. Sequence starts at one instead of zero, as per
the wiki recommendation.
Also, note that the wiki test vectors do not include examples
for compressed keys with EC multiplication. Nor does the
Bitcoin Address Utility reference implementation successfully
identify 'cfrm38' confirmation codes for compressed keys.
This python implementation works with them, and the Bitcoin
Address Utility can still decrypt the '6P' encrypted private
keys for compressed public keys, but for compatibility with
the reference implementation, it is highly recommended that
you create encrypted keys and confirmation codes only for
uncompressed public keys when using an intermediate code to
create EC multiplied encryped private keys with confirmation
codes.
'''
password = normalize_input(password, False, True)
assert len(owner_salt) == 8 or \
(len(owner_salt) == 4 and useLotAndSequence)
if useLotAndSequence:
lot, sequence = int(lot), int(sequence)
assert lot >= 100000 and lot <= 999999
assert sequence >= 0 and sequence <= 4095
lotsequence = dechex((lot*4096 + sequence),4)
owner_salt = owner_salt[:4]
prefactor = scrypt.hash(password,owner_salt,16384,8,8,32)
prefactor = hexstrlify(prefactor)
owner_entropy = hexstrlify(owner_salt) + lotsequence
passfactor = hash256(prefactor + owner_entropy)
magicbytes = '2ce9b3e1ff39e251'
else:
passfactor = scrypt.hash(password,owner_salt,16384,8,8,32)
passfactor = hexstrlify(passfactor)
owner_entropy = hexstrlify(owner_salt)
magicbytes = '2ce9b3e1ff39e253'
passpoint = privtopub(passfactor,True)
return b58e(magicbytes + owner_entropy + passpoint)
def check_password(guessed_password, base64_stored, salt_input):
guessed_password = guessed_password.encode('utf-8')
salt = get_salt(salt_input)
hashed_guessed = scrypt.hash(guessed_password, salt)
return binascii.b2a_hex(hashed_guessed) == base64_stored
def bip38_decrypt(encrypted_privkey,passphrase):
'''BIP0038 non-ec-multiply decryption. Returns WIF privkey.'''
d = base58.b58decode(encrypted_privkey)
d = d[2:]
flagbyte = d[0:1]
d = d[1:]
if flagbyte == '\xc0':
compressed = False
if flagbyte == '\xe0':
compressed = True
addresshash = d[0:4]
d = d[4:-4]
key = scrypt.hash(passphrase,addresshash, 16384, 8, 8)
derivedhalf1 = key[0:32]
derivedhalf2 = key[32:64]
encryptedhalf1 = d[0:16]
encryptedhalf2 = d[16:32]
aes = AES.new(derivedhalf2)
decryptedhalf2 = aes.decrypt(encryptedhalf2)
decryptedhalf1 = aes.decrypt(encryptedhalf1)
priv = decryptedhalf1 + decryptedhalf2
priv = binascii.unhexlify('%064x' % (long(binascii.hexlify(priv), 16) ^ long(binascii.hexlify(derivedhalf1), 16)))
pub = privtopub(priv)
if compressed:
pub = encode_pubkey(pub,'hex_compressed')
wif = encode_privkey(priv,'wif_compressed')
else:
wif = encode_privkey(priv,'wif')
addr = pubtoaddr(pub)
if hashlib.sha256(hashlib.sha256(addr).digest()).digest()[0:4] != addresshash:
print('Addresshash verification failed! Password is likely incorrect.')
return wif
def bip38_encrypt(privkey,passphrase):
'''BIP0038 non-ec-multiply encryption. Returns BIP0038 encrypted privkey.'''
privformat = get_privkey_format(privkey)
if privformat in ['wif_compressed','hex_compressed']:
compressed = True
flagbyte = '\xe0'
if privformat == 'wif_compressed':
privkey = encode_privkey(privkey,'hex_compressed')
privformat = get_privkey_format(privkey)
if privformat in ['wif', 'hex']:
compressed = False
flagbyte = '\xc0'
if privformat == 'wif':
privkey = encode_privkey(privkey,'hex')
privformat = get_privkey_format(privkey)
pubkey = privtopub(privkey)
addr = pubtoaddr(pubkey)
addresshash = hashlib.sha256(hashlib.sha256(addr).digest()).digest()[0:4]
key = scrypt.hash(passphrase, addresshash, 16384, 8, 8)
derivedhalf1 = key[0:32]
derivedhalf2 = key[32:64]
aes = AES.new(derivedhalf2)
encryptedhalf1 = aes.encrypt(binascii.unhexlify('%0.32x' % (long(privkey[0:32], 16) ^ long(binascii.hexlify(derivedhalf1[0:16]), 16))))
encryptedhalf2 = aes.encrypt(binascii.unhexlify('%0.32x' % (long(privkey[32:64], 16) ^ long(binascii.hexlify(derivedhalf1[16:32]), 16))))
encrypted_privkey = ('\x01\x42' + flagbyte + addresshash + encryptedhalf1 + encryptedhalf2)
encrypted_privkey += hashlib.sha256(hashlib.sha256(encrypted_privkey).digest()).digest()[:4] # b58check for encrypted privkey
encrypted_privkey = base58.b58encode(encrypted_privkey)
return encrypted_privkey
def _do_login(session, salt_info, password):
salt = salt_info['salt']
login_session = salt_info['login_session']
if isinstance(password, str):
password = password.encode('utf8')
if isinstance(salt, str):
salt = salt.encode('utf8')
rs = binascii.unhexlify(salt)
pwh = scrypt.hash(password, rs, N=2**15, r=8, p=1, buflen=224)[192:224]
content = base64.b64decode(login_session)
hmac_pwh = hmac.new(pwh, content, hashlib.sha512).hexdigest()
url = make_url('login')
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json',
}
params = {
'email_or_username': salt_info['username'],
'hmac_pwh': hmac_pwh,
'login_session': salt_info['login_session'],
}
r = session.post(url, json.dumps(params), headers=headers)
assert r.status_code == 200
content = r.json()
assert content['status']['code'] == 0
session.cookies['session'] = content['session']
return content['me']
def bip38_encrypt(private_key, passphrase, n=16384, r=8, p=8, compressed=False):
# determine the flagbyte
if compressed:
flagbyte = '\xe0'
else:
flagbyte = '\xc0'
# get the private key's address and equivalent in hex format and wif format
k = BitcoinKeypair(private_key)
address = k.address()
hex_private_key = k.private_key()
wif_private_key = k.wif_pk()
# calculate the address's checksum
address_checksum = sha256(sha256(address).digest()).digest()[0:4]
# calculate the scrypt hash and split it in half
scrypt_derived_key = scrypt.hash(passphrase, address_checksum, n, r, p)
derived_half_1 = scrypt_derived_key[0:32]
derived_half_2 = scrypt_derived_key[32:64]
# combine parts of the private key and scrypt hash and AES encrypt them
aes = AES.new(derived_half_2)
encrypted_half_1 = aes.encrypt(
binascii.unhexlify(
'%0.32x' % (long(hex_private_key[0:32], 16) ^ long(binascii.hexlify(derived_half_1[0:16]), 16))
)
)
encrypted_half_2 = aes.encrypt(
binascii.unhexlify(
'%0.32x' % (long(hex_private_key[32:64], 16) ^ long(binascii.hexlify(derived_half_1[16:32]), 16))
)
)
# build the encrypted private key from the checksum and encrypted parts
encrypted_private_key = ('\x42' + flagbyte + address_checksum + encrypted_half_1 + encrypted_half_2)
# base 58 encode the encrypted private key
b58check_encrypted_private_key = b58check_encode(encrypted_private_key, version_byte=1)
# return the encrypted private key
return b58check_encrypted_private_key
def import_from_encrypted(self, salt, password, encrypted):
'''
Load the data dictionary from an encrypted JSON text.
'''
key = scrypt.hash(password, salt, buflen=32)
box = nacl.secret.SecretBox(key)
self.data = json.loads(box.decrypt(encrypted))
def register(username, password, email):
salt = urandom(64)
hashed = scrypt.hash(password, salt)
engine.execute(users.insert().values(username=username,
email=email,
password_hash=hashed,
password_salt=salt))
def test_03_add_users(self):
with self.db.session_scope() as session:
self.assertFalse(self.db.user_exists(session, "jmorton"))
with self.db.session_scope() as session:
#shows that a complex user can be added
self.assertTrue(self.db.add_user(session, "jmorton", "*****@*****.**", "password", "Georgia Tech", first="Joshua", last="Morton", admin=True, mod=True))
#as well as a simple one
self.db.add_user(session, "cmalan", "*****@*****.**", "CS50isTheBest", "Harvard", mod=True)
#but that they need to attend a real school
self.assertFalse(self.db.add_user(session, "fake_user", "fmail", "fake_pw", "fakeuni"))
with self.db.session_scope() as session:
#checks that users can be searched
self.assertTrue(self.db.user_exists(session, user_name="jmorton"))
self.assertTrue(self.db.user_exists(session, email_address="*****@*****.**"))
self.assertTrue(self.db.user_exists(session, user_id=1))
#shows that even when correct information from conflicting users is provided, the result is correct
self.assertFalse(self.db.user_exists(session, user_name="jmorton", email_address="*****@*****.**"))
self.assertEqual(self.db.fetch_user_by_name(session, "jmorton").first_name, "Joshua")
#and nonexistant users throw errors
self.assertRaises(database.ItemDoesNotExistError, self.db.fetch_user_by_name, session, "name")
#hashes are not the same as passwords
self.assertNotEqual(self.db.fetch_user_by_name(session, "jmorton").password_hash, "password")
#and we can authenticate users from them
tempuser = self.db.fetch_user_by_name(session, "jmorton")
self.assertEqual(tempuser.password_hash, scrypt.hash("password", tempuser.password_salt, self.db.hashlength))
def decrypt(pkt, pwd=None, k=None, retries=3):
# decrypts a message symmetrically using crypto_secretbox
# pkt is a (nonce, ciphertext) tuple
# k specifies an encryption key, which if not supplied, is derived from
# pwd which is queried from the user, if also not specified.
cleark = (pwd is None)
clearpwd = (k is None)
cnt=0
res = None
while cnt<retries:
if not k:
if not pwd:
pwd = getpass.getpass('\nPassphrase for decrypting: ')
k = scrypt.hash(pwd, scrypt_salt)[:nacl.crypto_secretbox_KEYBYTES]
if clearpwd: clearmem(pwd)
pwd = None
try:
res = nacl.crypto_secretbox_open(pkt[1], pkt[0], k)
except ValueError:
cnt += 1
if cleark: clearmem(k)
k = None
continue
break
if cleark: clearmem(k)
if res:
return res
def scrypt_test():
start = time.time()
hashed = hashlib.sha256(scrypt.hash(password,bcrypt.gensalt(16))).digest()
obj =AES.new(hashed,AES.MODE_CBC, 'This is an IV456')
end = time.time()
ciphertext = obj.encrypt("The answer is no")
print "scrypt : ",(end-start)
def set_scrypt_library(library = SCRYPT_LIBRARY_AUTO):
'''Sets the scrypt library implementation to use.'''
global SCRYPT_LIBRARY
global scrypt_proof_of_work
if library == SCRYPT_LIBRARY_LTC:
import ltc_scrypt
scrypt_proof_of_work = ltc_scrypt.getPoWHash
SCRYPT_LIBRARY = library
elif library == SCRYPT_LIBRARY_SCRYPT:
import scrypt as NativeScrypt
scrypt_proof_of_work = lambda header: NativeScrypt.hash(header, header, 1024, 1, 1, 32)
SCRYPT_LIBRARY = library
# Try to load a faster version of scrypt before using the pure-Python implementation
elif library == SCRYPT_LIBRARY_AUTO:
try:
set_scrypt_library(SCRYPT_LIBRARY_LTC)
except Exception, e:
try:
set_scrypt_library(SCRYPT_LIBRARY_SCRYPT)
except Exception, e:
set_scrypt_library(SCRYPT_LIBRARY_PYTHON)
def getkey(l, pwd='', empty=False, text=''):
# queries the user twice for a passphrase if neccessary, and
# returns a scrypted key of length l
# allows empty passphrases if empty == True
# 'text' will be prepended to the password query
# will not query for a password if pwd != ''
global _prev_passphrase
#clearpwd = (pwd.strip()=='')
pwd2 = not pwd
if not pwd:
if _prev_passphrase:
print >>sys.stderr, "press enter to reuse the previous passphrase"
while pwd != pwd2 or (not empty and not pwd.strip()):
pwd = getpass.getpass('1/2 %s Passphrase: ' % text)
if pwd.strip():
pwd2 = getpass.getpass('2/2 %s Repeat passphrase: ' % text)
elif _prev_passphrase is not None:
pwd = _prev_passphrase
break
#if isinstance(pwd2, str):
# clearmem(pwd2)
if pwd.strip():
_prev_passphrase = pwd
key = scrypt.hash(pwd, scrypt_salt)[:l]
#if clearpwd: clearmem(pwd)
return key
def encrypt(inq, outq):
while( True ):
data = inq.get()
# Thank you Primm
outq.put(scrypt.hash(str(data), 'I Hate Liam Echlin', N=2048, r=4, p=4))
# print("hashed hazmat")
inq.task_done()
def encrypt(password, salt=None):
if salt is None:
salt = os.urandom(8)
else:
salt = binascii.unhexlify(salt)
hashed = scrypt.hash(password, salt)
return binascii.hexlify(hashed), binascii.hexlify(salt)
def test_change_password(self):
first_pass = helpers.VALID_PASSWORD1
second_pass = helpers.VALID_PASSWORD2
dummy_salt = generateRandomSalt()
# as first we hash a "first_password" like has to be:
hashed1 = binascii.b2a_hex(scrypt.hash(str(first_pass), dummy_salt))
# now emulate the change unsing the globaleaks.security module
hashed2 = change_password(hashed1, first_pass, second_pass, dummy_salt)
# verify that second stored pass is the same
self.assertEqual(
hashed2,
binascii.b2a_hex(scrypt.hash(str(second_pass), dummy_salt))
)
def make_password(masterPassword, siteName): global debugging #strip whitespace and make lowercase siteName = re.sub(r'\s+', '', siteName).lower() key = masterPassword + siteName key = sha256hex(key) salt = "q3*V!jAre*kF8p5TPxXWQxQs$HTtdn@&dWSzTqwYBn$TF" + lessFrequentButStillAutoSuggestableWordsStr + key shash = scrypt.hash(key, salt, N=128, r=16, buflen=64) shash = codecs.encode(shash, 'hex') result = "" desired_word_count = 5 chunklen = int(len(shash) / desired_word_count) i = 0 while i < desired_word_count: lenStart = i * chunklen lenEnd = (i + 1) * chunklen chunk = shash[lenStart:lenEnd] ival = int(chunk, 16) % len(lessFrequentButStillAutoSuggestableWords) result = result + lessFrequentButStillAutoSuggestableWords[ival] result = result + "." i = i + 1 result = result + str(ival) return result
def add_user(self, session, username, email, password, school, first=None, last=None, admin=False, mod=False): #done
if not self.user_exists(session, user_name=username):
salt = str(int(time.time()))
pwhash = scrypt.hash(password, salt, self.hashlength)
if self.school_exists(session, school_name=school):
schoolid = self.fetch_school_by_name(session, school).school_id
session.add(self.user(user_name=username, email_address=email, password_hash=pwhash, password_salt=salt, school_id=schoolid, first=first, last=last, admin=admin, moderator=mod))
def check_login(self, password):
c = g.db.cursor()
c.execute("SELECT pass_hash, pass_salt FROM users WHERE username=?", (self.username,))
for row in c:
pass_hash, pass_salt = row
return (str(pass_hash) == scrypt.hash(password.encode('utf-8'), str(pass_salt)))
return False
def get_passkey(self, password):
"""Returns the hashed version of the password.
Broken out into a method, so we can swap it if nec.
"""
if password is None:
raise Exception("Password cannot be null.")
# N CPU cost parameter. ( N should be a power of two > 1)
# r Memory cost parameter.
# p Parallelization parameter.
# r*p should be < 2**30
# Defaults to N=16384, r=8, p=1, buflen=64
# Per http://www.tarsnap.com/scrypt/scrypt-slides.pdf
# (N = 2^14, r = 8, p = 1) for < 100ms (interactive use), and
# (N = 2^20, r = 8, p = 1) for < 5s (sensitive storage).
if self.passkey is not None:
return self.passkey
pkey = base64.b64encode(scrypt.hash(
password=password, salt=self.pubkey, N=16384, r=8, p=1)).decode('utf-8')
return pkey
def warp(passphrase, salt=""):
s1 = scrypt.hash(passphrase + "\x01", salt+"\x01", N=2**18, r=8, p=1,
buflen=32)
s2 = pbkdf2(passphrase + "\x02", salt=salt+"\x02", keylen=32, rounds=2**16,
prf="hmac-sha256")
key = binascii.hexlify(xor(s1, s2))
return key, bitcoin.pubtoaddr(bitcoin.privtopub(key))
def sludger(data):
if data:
outgoing = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
#outgoing.connect(("downstream", 4444))
list1 = []
list1 = data.split(',')
#print("str", list1)
#header = Header(2, 8 + len(list1)*64, 0)
#outgoing.send(header.serialize())
h1 = b''
header = Header(2, 8 + len(list1)*64, 0)
h1 += header.serialize()
print("Header {}".format(h1))
for i in list1:
i = str(i)
salt = "I Hate Liam Echlin"
h1 += scrypt.hash(i, salt, N = 2048, r = 4, p = 4)
#print("Header list {}".format(h1))
not_sent = 1
while not_sent:
try:
outgoing.connect(("downstream", 4444))
#header = Header(2, 8 + len(list1)*64, 0)
#outgoing.send(header.serialize())
outgoing.send(h1)
not_sent = 0
except Exception:
continue
outgoing.close()
def auth_user(database, username, password):
with database.session_scope() as session:
user = database.fetch_user_by_name(session, username)
salt = user.password_salt
if scrypt.hash(password, salt, database.hashlength) == user.password_hash:
return True
return False
def bip38_decrypt(b58check_encrypted_private_key, passphrase, n=16384, r=8, p=8):
# decode private key from base 58 check to binary
encrypted_private_key = b58check_decode(b58check_encrypted_private_key)
# parse the encrypted key different byte sections
bip38_key_identification_byte = encrypted_private_key[0:1]
flagbyte = encrypted_private_key[1:2]
address_checksum = encrypted_private_key[2:6]
encrypted_half_1 = encrypted_private_key[6:6+16]
encrypted_half_2 = encrypted_private_key[6+16:6+32]
# derive a unique key from the passphrase and the address checksum
scrypt_derived_key = scrypt.hash(passphrase, address_checksum, n, r, p)
derived_half_1 = scrypt_derived_key[0:32]
derived_half_2 = scrypt_derived_key[32:64]
# decrypt the encrypted halves
aes = AES.new(derived_half_2)
decrypted_half_1 = aes.decrypt(encrypted_half_1)
decrypted_half_2 = aes.decrypt(encrypted_half_2)
# get the original private key from the encrypted halves + the derived half
decrypted_private_key = '%064x' % (long(binascii.hexlify(decrypted_half_1 + decrypted_half_2), 16) ^ long(binascii.hexlify(derived_half_1), 16))
# get the address corresponding to the private key
k = BitcoinKeypair(decrypted_private_key)
address = k.address()
# make sure the address matches the checksum in the original encrypted key
if address_checksum != sha256(sha256(address).digest()).digest()[0:4]:
raise ValueError('Invalid private key and password combo.')
# return the decrypted private key
return k.private_key()
def generate_hashes_from_block(data_block, algorithm):
sha256_hash = hashlib.sha256(hashlib.sha256(data_block).digest()).digest()[::-1]
header_hash = ""
if algorithm == "scrypt":
header_hash = scrypt.hash(data_block, data_block, 1024, 1, 1, 32)[::-1]
elif algorithm == "SHA256":
header_hash = sha256_hash
elif algorithm == "X11":
try:
exec ("import %s" % "xcoin_hash")
except ImportError:
sys.exit("Cannot run X11 algorithm: module xcoin_hash not found")
header_hash = xcoin_hash.getPoWHash(data_block)[::-1]
elif algorithm == "X13":
try:
exec ("import %s" % "x13_hash")
except ImportError:
sys.exit("Cannot run X13 algorithm: module x13_hash not found")
header_hash = x13_hash.getPoWHash(data_block)[::-1]
elif algorithm == "X15":
try:
exec ("import %s" % "x15_hash")
except ImportError:
sys.exit("Cannot run X15 algorithm: module x15_hash not found")
header_hash = x15_hash.getPoWHash(data_block)[::-1]
return sha256_hash, header_hash
def encrypt(privkey, passphrase) :
""" BIP0038 non-ec-multiply encryption. Returns BIP0038 encrypted privkey.
:param privkey: Private key
:type privkey: Base58
:param str passphrase: UTF-8 encoded passphrase for encryption
:return: BIP0038 non-ec-multiply encrypted wif key
:rtype: Base58
"""
privkeyhex = repr(privkey) # hex
addr = format(privkey.uncompressed.address, "BTC")
a = bytes(addr, 'ascii')
salt = hashlib.sha256(hashlib.sha256(a).digest()).digest()[0:4]
key = scrypt.hash(passphrase, salt, 16384, 8, 8)
(derived_half1, derived_half2) = (key[:32], key[32:])
aes = AES.new(derived_half2)
encrypted_half1 = _encrypt_xor(privkeyhex[:32], derived_half1[:16], aes)
encrypted_half2 = _encrypt_xor(privkeyhex[32:], derived_half1[16:], aes)
" flag byte is forced 0xc0 because BTS only uses compressed keys "
payload = (b'\x01' + b'\x42' + b'\xc0' +
salt + encrypted_half1 + encrypted_half2)
" Checksum "
checksum = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
privatkey = hexlify(payload + checksum).decode('ascii')
return Base58(privatkey)
def header_hash(cls, header):
'''Given a header return the hash.'''
if cls.HEADER_HASH is None:
import scrypt
cls.HEADER_HASH = lambda x: scrypt.hash(x, x, 1024, 1, 1, 32)
version, = struct.unpack('<I', header[:4])
if version > 6:
return super().header_hash(header)
else:
return cls.HEADER_HASH(header)
def hash_password(password, salt):
"""
@param password: a unicode or utf-8 string
@param salt: a password salt
@return:
the salted scrypt hash of the provided password
"""
password = password.encode('utf-8')
salt = text_type(salt).encode('utf-8')
return binascii.hexlify(scrypt.hash(password, salt))
def key_from_password(username, password, key_file, cert_file, appname, key):
"""
Key is derived from password using scrypt
password is replaced with sha256(key) so that we cannot deduce key from
auth info
"""
salt = "|".join([username, appname, 'key'])
key = scrypt.hash(password, salt, **scrypt_kw)
# Calculate hash so that server cannot derive key from new_password
# b'auth' is added so that we don't use hash(key) by mistake
new_password = hashlib.sha256(key + b'auth').digest()
return new_password, key
def get_sync_db_key(self):
"""
Return the key for protecting the sync database.
:return: The key for protecting the sync database.
:rtype: str
"""
return scrypt.hash(
password=self._get_local_storage_secret(),
salt=self._get_sync_db_salt(),
buflen=32, # we need a key with 256 bits (32 bytes)
)
def decrypt(pkt, pwd=None, basedir=None, k=None):
# symmetric
cleark = (pwd is None)
clearpwd = (k is None)
if not k:
if not pwd:
pwd = getpass.getpass('Passphrase for decrypting: ')
k = scrypt.hash(pwd, scrypt_salt)[:nacl.crypto_secretbox_KEYBYTES]
if clearpwd: clearmem(pwd)
res = nacl.crypto_secretbox_open(pkt[1], pkt[0], k)
if cleark: clearmem(k)
return res
def test_change_password_fail_with_invalid_old_password(self):
dummy_salt_input = "xxxxxxxx"
first_pass = helpers.VALID_PASSWORD1
second_pass = helpers.VALID_PASSWORD2
dummy_salt = generateRandomSalt()
# as first we hash a "first_password" like has to be:
hashed1 = binascii.b2a_hex(scrypt.hash(str(first_pass), dummy_salt))
# now emulate the change unsing the globaleaks.security module
self.assertRaises(errors.InvalidOldPassword, change_password, hashed1,
"invalid_old_pass", second_pass, dummy_salt_input)
def hash_password(password, salt):
"""
@param password: a password
@param salt: a password salt
@return:
the salted scrypt hash of the provided password
"""
password = password.encode('utf-8')
salt = salt.encode('utf-8')
return scrypt.hash(password, salt).encode('hex')
def decryptDecodeScryptKey(cf, password):
derived = scrypt.hash(password, cf.cryptoSalt, cf.N, cf.r, cf.p)
key = derived[:KEY_LEN_BYTES]
iv = derived[KEY_LEN_BYTES:]
#print('key : %s' % str(codecs.encode(key,"hex")).upper())
scrypted_intermediate_key = scrypt.hash(key, cf.cryptoSalt, cf.N, cf.r,
cf.p)
scrypted_intermediate_key_iv = scrypt.hash(derived, cf.cryptoSalt, cf.N,
cf.r, cf.p)
#print('scrypted IK_key : %s' % str(codecs.encode(scrypted_intermediate_key,"hex")).upper())
#print('scrypted IK_key_iv : %s' % str(codecs.encode(scrypted_intermediate_key_iv,"hex")).upper())
# do the decrypt
cipher = EVP.Cipher(alg='aes_128_cbc', key=key, iv=iv, op=0) # 0 is DEC
cipher.set_padding(padding=0)
decKey = cipher.update(cf.cryptoKey)
decKey = decKey + cipher.final()
#print('DKEY : %s' % str(codecs.encode(decKey,"hex")).upper())
return decKey
def Scrypt_excel(data):
result=[]
nrows=data.nrows
ncolumns=data.ncols
for i in range(1,20000):
text=''
for j in range(0,ncolumns):
text+=str(data.cell(i,j).value)
m = sc.hash(text.encode("utf-8"),"")
m=int.from_bytes(m, byteorder='little', signed=True)
result.append(m*10**(-152))
return result
def generate_key(password=''):
if password == '':
return Fernet.generate_key()
if type(password) == bytes:
password = password.decode('utf-8')
password = password.encode('utf-8')
key = scrypt.hash(password, salt='', N=2**16, r=8, p=1, buflen=32)
key = base64.urlsafe_b64encode(key)
return key
def hash_codename(self, codename, salt=None):
"""Salts and hashes a codename using scrypt.
:param str codename: A source's codename.
:param str salt: The salt to mix with the codename when hashing.
:returns: A base32 encoded string; the salted codename hash.
"""
if salt is None:
salt = self.scrypt_id_pepper
return b32encode(
scrypt.hash(clean(codename), salt,
**self.scrypt_params)).decode('utf-8')
def hash_codename(self, codename: str, salt: Optional[str] = None) -> str:
"""Salts and hashes a codename using scrypt.
:param codename: A source's codename.
:param salt: The salt to mix with the codename when hashing.
:returns: A base32 encoded string; the salted codename hash.
"""
if salt is None:
salt = self.scrypt_id_pepper
_validate_name_for_diceware(codename)
return b32encode(scrypt.hash(codename, salt,
**self.scrypt_params)).decode('utf-8')
def globalPass(flag=None):
files_path = loc()
#terminators call
if flag == 1:
try:
with open(f'{files_path}/accman/data.yml', 'r') as d:
y = yaml.safe_load(d)
#check check
globalPass = getpass('Please enter global password to proceed: ')
try:
with open(f'{files_path}/accman/data.yml', 'r') as d:
y = yaml.safe_load(d)
salt = y['GlobalSalt']
#generate a key
key = scrypt.hash(globalPass, salt, 2048, 8, 1, 32)
key = base64.urlsafe_b64encode(key)
with open(f'{files_path}/accman/data.yml', 'r') as d:
y = yaml.safe_load(d)
key2 = y['GlobalPassword']
key2 = str(key2).replace('{', '').replace('}', '')
except TypeError:
print(colored('\nFirst set up the global password!\n', 'red', attrs=['bold']))
exit(0)
#compare the keys
if str(key) == str(key2):
return True
else:
print(colored('\nInvalid global password!\n', 'red', attrs=['bold']))
exit(0)
except FileNotFoundError:
print(colored('\nFirst set up the global password!\n', 'red', attrs=['bold']))
exit(0)
#writers call
if flag == 0:
try:
with open(f'{files_path}/accman/data.yml', 'r') as d:
y = yaml.safe_load(d)
if 'GlobalPassword' in y:
return True
except:#FileNotFoundError and TypeError
globalPass = getpass('Enter the global password so that no one else can delete or modify your account information: ')
key = keygen(None, globalPass)
data = {
'GlobalPassword':{key}
}
# save the key in information file
encryptedFile = open(f'{files_path}/accman/data.yml', 'a')
encryptedFile.write(yaml.safe_dump(data, sort_keys=False))
encryptedFile.close()
def Script_txt(data):
result=[]
i=0
while i<200000:
text = data.readline()
if not text:
break
m = sc.hash(text.encode("utf-8"),"")
i+=1
m = int.from_bytes(m, byteorder='little', signed=True)
result.append(m * 10 ** (-152))
data.close()
return result
def decrypt(encrypted_private_key, passphrase):
bs58_decoded_pk = bs58_decode(encrypted_private_key)
salt = bs58_decoded_pk[3:7]
#scrypt_hash = scrypt.hash(passphrase, salt, N=n, r=r, p=p, buflen=l)
scrypt_hash = scrypt.hash(passphrase, salt, N=16384, r=8, p=8, buflen=64)
half1, half2 = scrypt_hash[:32], scrypt_hash[32:]
pk_slice = bs58_decoded_pk[7:7 + 32]
cipher = AES.new(key=half2, mode=AES.MODE_ECB)
decipher = cipher.decrypt(pk_slice)
decipher.setAutoPadding(false)
print(decipher)
def generate_key_scrypt(uid, password):
current_line = None
my_dir = os.path.dirname(os.path.realpath(__file__)) + '/'
with open(my_dir + 'scrypt_output.csv', 'r+') as f:
while current_line != '':
current_line = f.readline()
if current_line.split(',')[0] == uid:
print('Entry not added: UID already exists')
return
salt = os.urandom(64)
digest = scrypt.hash(password, salt).hex()
f.write(f'{uid},{digest},{salt}\n')
def signup():
given_username = request.form['username']
given_password = base64.b64encode(
scrypt.hash(base64.b64encode(request.form['password']), 'random salt'))
ins = User(username=given_username, passhash=given_password)
try:
Session.add(ins)
Session.commit()
except Exception as ex:
return 'Something went wrong: ' + str(ex)
return "done"
def decryptDecodeScryptKey(cf, password):
derived = scrypt.hash(password, cf.cryptoSalt, cf.N, cf.r, cf.p)
key = derived[:KEY_LEN_BYTES]
iv = derived[KEY_LEN_BYTES:]
# do the decrypt
cipher = EVP.Cipher(alg='aes_128_cbc', key=key, iv=iv, op=0) # 0 is DEC
cipher.set_padding(padding=0)
decKey = cipher.update(cf.cryptoKey)
decKey = decKey + cipher.final()
return decKey
def hashemail(email):
hashingconfig = CONFIG['emailHashing']
n = 2**(int(hashingconfig['N']))
r = int(hashingconfig['r'])
p = int(hashingconfig['p'])
buflen = int(hashingconfig['buflen'])
return base64.b64encode(
scrypt.hash(email,
CONFIG['emailHashing']['salt'],
N=n,
r=r,
p=p,
buflen=buflen), b'+_').decode('utf-8')
def sscrypt(password, salt=None):
"""Returns a Salted-Scrypt password hash
Args:
password: password
salt: salt to use. If none, one is generated
"""
password = password.encode('utf8')
if salt is None:
salt = _gensalt()
sscrypt = base64.b64encode(scrypt.hash(password, salt) + salt).strip()
return "{SSCRYPT}%s" % sscrypt
def bf(h, dictionary):
f = open(dictionary, 'r')
lines = f.readlines()
lines = lines.replace('\n', '')
print('\033[1;34m[*]\033[0m Starting Brute Force - hash = ' + h)
for i in lines:
h2 = scrypt.hash(i, salt)
if h == h2:
print('\033[1;32m[+]\033[0m Hash Cracked! - Password = ' + i)
def CryptoScrypt():
TimeEstimation()
start = timer()
global digest
digest = scrypt.hash( keyx, saltx,N=args.iter ,r=args.blocksize, p=args.parallelism, buflen=args.size)
end = timer()
timex = (end - start)
print("\n" + str(timex) + " seconds elapsed\n")
print( "Key was : " + keyx +"\n")
print( "salt was : " + saltx +"\n")
def reset_password2(code):
password = request.form['password']
connection = get_db()
cursor = connection.cursor()
cursor.execute("SELECT email FROM users WHERE verification_code = %s AND email_verified = True", (code,))
rst = cursor.fetchone()
email = rst[0]
password_salt = str(uuid.uuid4()).replace("-","")
password_hash = scrypt.hash(password, password_salt)
cursor.execute("UPDATE users SET verification_code = %s, password_hash = %s, password_salt = %s, created_at = current_timestamp WHERE email = %s", (code, password_hash, password_salt, email))
cursor.close()
connection.commit()
return '{success:true, message:"Password has been reset"}\n'
def scrypt_crypto_footer(passwd, crypto_footer, length):
'''
Runs scrypt with the parameters stored in the crypto footer
'''
#The scrypt parameters
N = 1 << crypto_footer['N_factor']
r = 1 << crypto_footer['r_factor']
p = 1 << crypto_footer['p_factor']
print "N=%d" % N
print "r=%d" % r
print "p=%d" % p
return scrypt.hash(passwd, crypto_footer['salt'], N, r, p, length)
def ExportNEP2(self, passphrase):
"""
Export the encrypted private key in NEP-2 format.
Args:
passphrase (str): The password to encrypt the private key with, as unicode string
Returns:
str: The NEP-2 encrypted private key
Raises:
ValueError: if the input `passphrase` length is < 2
"""
if len(passphrase) < 2:
raise ValueError("Passphrase must have a minimum of 2 characters")
# Hash address twice, then only use the first 4 bytes
address_hash_tmp = hashlib.sha256(
self.GetAddress().encode("utf-8")).digest()
address_hash_tmp2 = hashlib.sha256(address_hash_tmp).digest()
address_hash = address_hash_tmp2[:4]
# Normalize password and run scrypt over it with the address_hash
pwd_normalized = bytes(unicodedata.normalize('NFC', passphrase),
'utf-8')
derived = scrypt.hash(pwd_normalized,
address_hash,
N=SCRYPT_ITERATIONS,
r=SCRYPT_BLOCKSIZE,
p=SCRYPT_PARALLEL_FACTOR,
buflen=SCRYPT_KEY_LEN_BYTES)
# Split the scrypt-result into two parts
derived1 = derived[:32]
derived2 = derived[32:]
# Run XOR and encrypt the derived parts with AES
xor_ed = xor_bytes(bytes(self.PrivateKey), derived1)
cipher = AES.new(derived2, AES.MODE_ECB)
encrypted = cipher.encrypt(xor_ed)
# Assemble the final result
assembled = bytearray()
assembled.extend(NEP_HEADER)
assembled.extend(NEP_FLAG)
assembled.extend(address_hash)
assembled.extend(encrypted)
# Finally, encode with Base58Check
encrypted_key_nep2 = base58.b58encode_check(bytes(assembled))
return encrypted_key_nep2.decode("utf-8")
def key_from_cert(username, password, key_file, cert_file, appname, key):
"""
Key is derived from SSL key_file.
Password is securely hashed if given at all
"""
with open(key_file) as f:
key = hashlib.sha256(f.read().encode()).digest()
if password is not None:
salt = "|".join([username, appname, 'key'])
password = scrypt.hash(password, salt, **scrypt_kw)
password = hashlib.sha256(password + b'auth').digest()
return password, key
def keygen(name=None, passwrd=None):
#generating key
salt = os.urandom(16)
passphrase = hashlib.sha256(salt)
passphrase = passphrase.hexdigest()
if passwrd == None:
passphraseDict = {
name:{
'salt': passphrase
}
}
passwd = getpass(prompt='this password will be used to encrypt account data, it will not be saved for security purposes: ')
passwd = passwd.encode()
elif passwrd != None:
passphraseDict = {
'GlobalSalt':passphrase
}
passwd = passwrd
files_path = loc()
try:
#saving generated salt
if passwrd != None:
with open(f'{files_path}/accman/data.yml', 'r') as d:
y = yaml.safe_load(d)
y.update(passphraseDict)
encryptedFile = open(f'{files_path}/accman/data.yml', 'w')
encryptedFile.write(yaml.safe_dump(y, sort_keys=False))
encryptedFile.close()
else:
with open(f'{files_path}/accman/salt.yml', 'r') as d:
y = yaml.safe_load(d)
y.update(passphraseDict)
encryptedFile = open(f'{files_path}/accman/salt.yml', 'w')
encryptedFile.write(yaml.safe_dump(y, sort_keys=False))
encryptedFile.close()
except:
if passwrd != None:
encryptedFile = open(f'{files_path}/accman/data.yml', 'w')
encryptedFile.write(yaml.safe_dump(passphraseDict, sort_keys=False))
encryptedFile.close()
else:
encryptedFile = open(f'{files_path}/accman/salt.yml', 'w')
encryptedFile.write(yaml.safe_dump(passphraseDict, sort_keys=False))
encryptedFile.close()
#returning key
key = scrypt.hash(passwd, passphrase, 2048, 8, 1, 32)
key = base64.urlsafe_b64encode(key)
return key
def get_ek(self, words: List[int]) -> bytes:
"""
Returns the bytes constant used in the RecoverSecret loop
It is passed into key_derivation
returns (s_1 * a_1) * (s_2 * a_2) * ... * (s_n * a_n) (mod p)
"""
sList = self.extractor
aList = words
aList.sort()
e: nmod = nmod(1, self.prime)
for i in range(self.setSize):
e *= sList[i] * aList[i]
return scrypt.hash("key:" + str(e), self.salt)
def warp(passphrase, salt=""):
s1 = scrypt.hash(passphrase + "\x01",
salt + "\x01",
N=2**18,
r=8,
p=1,
buflen=32)
s2 = pbkdf2(passphrase + "\x02",
salt=salt + "\x02",
keylen=32,
rounds=2**16,
prf="hmac-sha256")
key = binascii.hexlify(xor(s1, s2))
return key, bitcoin.pubtoaddr(bitcoin.privtopub(key))
def generate_hmac(self, key, message):
"""
@param key: The user's generated password
@type key: str
@param message: message to hash for client-server authentication
@type message: str
@return: the hash based message auth code (to verify against the client sent one)
@rtype: str
@see: http://en.wikipedia.org/wiki/Hash-based_message_authentication_code
"""
if len(key) > self.__BLOCK_SIZE:
salt = os.urandom(16).encode('base_64')
key = scrypt.hash(key, salt)
key += chr(0) * (self.__BLOCK_SIZE - len(key))
o_key_pad = xor(self.__TRANS_5C, key)
i_key_pad = xor(self.__TRANS_36, key)
return scrypt.hash(
o_key_pad + scrypt.hash(i_key_pad + message, self.__I_SALT),
self.__O_SALT)
