-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpassword_hasher.py
44 lines (32 loc) · 1.26 KB
/
password_hasher.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
# -*- coding: utf-8 -*-
import binascii
import hashlib
import hmac
from collections import namedtuple
import os
PasswordStorables = namedtuple('PasswordStorables', 'hmac salt')
class PasswordHasher(object):
"""Given a HMAC key and salt length, hashes a password and returns
its storable values: the HMAC and salt.
The salt is returned in hexadecimal representation. This returned
value is therefore twice as long as the salt_length provided.
"""
def __init__(self, hmac_key, salt_length):
self._hmac_key = hmac_key
self._salt_length = salt_length
def hash(self, password):
salt = self._generate_salt()
code = self._make_hmac(salt, password)
return PasswordStorables(code, salt)
def check(self, password, salt, hmac):
return hmac == self._make_hmac(salt, password)
def _make_hmac(self, salt, password):
# XXX: maybe its own class
salted_password = self._add_salt(salt, password)
pw_hmac = hmac.new(self._hmac_key, salted_password, hashlib.sha1)
return binascii.hexlify(pw_hmac.digest())
def _generate_salt(self):
return binascii.hexlify(os.urandom(self._salt_length))
@staticmethod
def _add_salt(salt, password):
return salt + password