summaryrefslogtreecommitdiff
path: root/passlib/handlers/pbkdf2.py
Commit message (Collapse)AuthorAgeFilesLines
* forgot to document the relaxed=True keyword, and the strict-parameters policy.Eli Collins2012-05-021-0/+50
|
* mass rename of old alias for PasswordHash interfaceEli Collins2012-04-271-5/+5
|
* merging rewrite of all hash documentation, and password hash apiEli Collins2012-04-271-12/+25
| | | | | | | * password hash api rewritten to center around PasswordHash abstract class * extended walkthrough and documentation for PasswordHash interface * pared down the per-hash examples, added links to PasswordHash * updates docs and warnings
* finally added abstract base class for the password hash interface -- ↵Eli Collins2012-04-271-4/+5
| | | | | | passlib.ifc.PasswordHash (also had to make some tweaks to fix class repr due to ABCMeta)
* sped up pbkdf2 implementation by 60% or so - upped the rounds for all pbkdf2 ↵Eli Collins2012-04-191-7/+7
| | | | hashes
* a bunch of bugfixes found during unittestingEli Collins2012-04-171-1/+1
| | | | | | | | | | * bsdi_crypt apparently available on openbsd 4.9 * typo fixes * ConfigParser apparently only uses OrderedDict for >= PY27, adjusted CryptContext test accordingly * fixed test that depended on sha256_crypt.default_rounds * handle os_crypt backend w/ no fallback (bcrypt) * let _norm_rounds accept longs
* retuned default_rounds for a few hashes based on benchmarksEli Collins2012-04-171-9/+10
|
* clarify behavior for secret=None and hash=NoneEli Collins2012-04-111-7/+2
| | | | | | | | | | | | | | | | | | | | | | | * passing a non-string secret or non-string hash to any CryptContext or handler method will now reliably result in a TypeError. previously, passing hash=None to many handler identify() and verify() methods would return False, while others would raise a TypeError. other handler methods would alternately throw ValueError or TypeError when passed a value that wasn't unicode or bytes. the various CryptContext methods also behaved inconsistently, depending on the behavior of the underlying handler. all of these behaviors are gone, they should all raise the same TypeError. * redid many of the from_string() methods to verify the hash type. * moved secret type & size validation to GenericHandler's encrypt/genhash/verify methods. this cheaply made the secret validation global to all hashes, and lets _calc_digest() implementations trust that the secret is valid. * updated the CryptContext and handler unittests to verify the above behavior is adhered to.
* parse_mc3/render_mc3 helpers now handle rounds str<->int, consolidated a ↵Eli Collins2012-04-101-65/+31
| | | | bunch of redundant code
* passlib.exc: added constructors for common errors, should normalize error ↵Eli Collins2012-04-101-12/+12
| | | | messages
* utils.handlers framework reworked; removed a bunch of boilerplate codeEli Collins2012-03-091-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | * StaticHandler is now subclass of GenericHandler - _calc_checksum() should be implemented instead of encrypt(). (compatibility stub added so old code should continue to work) - _norm_hash() no longer needs to handle ->unicode conversion - default from_string() contains a bunch of features, including stripping a known prefix, etc. * context kwds now pulled into constructor, so GenericHandler supports context kwds properly; HasUserContext mixin added to support common 'user' context kwd * identify_regexp & identify_prefix removed, functionality rolled into default GenericHandler.identify() implementation. - default identify checks _hash_regex as potential way to identify hashes * HasStubChecksum removed, functionality rolled into GenericHandler * HasRawChecksum now just sets a flag, functionality moved into GenericHandler * HasManyIdents._parse_ident() helper added to valid & split identifier from hashes. * GenericHandler._norm_checksum() is now strict about unicode / bytes
* renamed calc_checksum() -> _calc_checksum(), hiding the last of the private ↵Eli Collins2012-02-081-5/+5
| | | | methods of most handlers
* large refactor of GenericHandler internalsEli Collins2012-02-081-5/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | strict keyword -------------- * GenericHandler's "strict" keyword had poorly defined semantics; replaced this with "use_defaults" and "relaxed" keywords. Most handlers' from_string() method specified strict=True. This is now the default behavior, use_defaults=True is enabled only for encrypt() and genconfig(). relaxed=True is enabled only for specific handlers (and unittests) whose code requires it. This *does* break backward compat with passlib 1.5 handlers, but this is mostly and internal class. * missing required settings now throws a TypeError instead of a ValueError, to be more in line with std python behavior. * The norm_xxx functions provided by the GenericHandler mixins (e.g. norm_salt) have been renamed to _norm_xxx() to reflect their private nature; and converted from class methods to instance methods, to simplify their call signature for subclassing. misc ---- * rewrote GenericHandler unittests to use constructor only, instead of poking into norm_salt/norm_rounds internals. * checksum/salt charset checks speed up using set comparison * some small cleanups to FHSP implementation
* simplified crypt.crypt() wrappersEli Collins2012-01-191-4/+4
| | | | | | | * safe_crypt() improved - accepts unicode/bytes for salt, checks for NULL, returns None on failure * added test_crypt() wrapper to simplify backend checks. * removed native=True from most to_string() implementations, unused now. * updated UTs
* import cleanupsEli Collins2012-01-181-14/+13
| | | | | | | | | | | | | | | * moved bytes compat functions from utils to utils.compat (bord, bjoin, bjoin_ints, bjoin_elems, ujoin) * renamed bord -> belem_ord for clarify * a bunch of to_native_str() always use ascii, and have fixed input types (always bytes or always unicode). these don't need overhead of to_native_str(), so replaced those calls with two new funcs: compat.bascii_to_str() / compat.uascii_to_str() * cleaned up a lot of imports from utils/utils.compat to pull from correct module * simplified the to_string() logic of a bunch of handlers to reduce unicode<->byte transitions
* renamed the utils.handlers.XX_CHARS constants to match utils.XX_CHARS (old ↵Eli Collins2012-01-181-2/+2
| | | | aliases kept for now)
* replaced utils.h64 module with utils.Base64Engine instanceEli Collins2012-01-181-6/+6
| | | | | | | | | | | * new utils.Base64Engine() provides flexible class for encoding arbitrary base64 charmaps. it should also be a bit faster than the old h64 module. * predefined 'h64' instance has mostly the same methods as the old h64 module which it takes the place off - so imports should be unaffected. (the only the exception of the xxx_dc_xxx methods, which now use the 'h64big' instance) * replaced utils._blowfish base64 encoding with custom Base64Engine instance to reduce code duplication. * more through unittests for Base64Engine.
* clarified border case where verify() accepted configuration strings instead ↵Eli Collins2012-01-091-1/+1
| | | | of throwing ValueError for some handlers
* deprecated to_hash_str, replaced all instances with to_native_strEli Collins2011-12-281-6/+6
| | | | | | decided that to_hash_str will always return native string, feature of hashes being returned as unicode under python 2 is better done through a CryptContext option.
* ran a custom 2to3 fixer to replace all u"" with u() and add an import from ↵Eli Collins2011-12-061-16/+17
| | | | compat.u
* added compat.unicode imports in a number of placesEli Collins2011-12-061-0/+1
| | | | | | | | this distinguishes the types, so that for isinstance() tests... * 'unicode' always means the unicode type * 'bytes' always means the bytes type * 'str' always means the native string type
* GenericHandler.checksum_chars now defaults to ``None``, instead of implicit ↵Eli Collins2011-06-201-0/+1
| | | | H64_CHARS
* pbkdf2 handlers now py3 compatEli Collins2011-06-171-36/+48
|
* added support for Cryptacular's PBKDF2 formatEli Collins2011-06-021-1/+97
|
* added ldap_pbkdf2_{digest} variants; UTs & docs; removed prefix from ↵Eli Collins2011-04-291-4/+9
| | | | pdkdf2_sha1 for compat w/ existing hashes
* large rework of documentation; mainly to give more room to LDAP hashes, and ↵Eli Collins2011-04-291-2/+2
| | | | document ldap CRYPT hashes
* changed HasSalt to require explicit salt_chars; defaulting to H64_CHARS was ↵Eli Collins2011-04-251-0/+1
| | | | too implicit
* similar to api change, renamed checksum_chars->checksum_size, ↵Eli Collins2011-04-251-4/+4
| | | | | | checksum_charset->checksum_chars. * these were never documented or used externally, so no deprecated aliases left.
* api change - renaming (min|max|default)_salt_chars attributes -> ↵Eli Collins2011-04-251-14/+14
| | | | | | | | | | | (min|max|default)_salt_size * part of finalization of password hash api, these should not change name again * the names are rather ambiguous, "_size" makes it clearer what they mean * also renamed salt_charset -> salt_chars for the same reason * for applications that were reading old attributes, left aliases in place which will issue a warning when access - these will be removed in passlib 1.5 *
* added salt_size option to pbkdf1_{digest} and sha1_cryptEli Collins2011-04-051-3/+15
|
* converted most handlers to use new helper classes.Eli Collins2011-04-051-81/+48
| | | | | | | | | | * converted all ExtendedHandler & MultiBackendHandler subclasses to use GenericHandler + appropriate mixins. * converted most SimpleHandler subclasses to use StaticHandler. * changed some hashes to parse_mc2/mc3 methods: md5_crypt, apr_md5_crypt, most pbkdf2 hashes, sha1_crypt * changed most hashes to coerce unicode hash strings -> ascii * changed some internal attribute names for consistency
* added atlassian_pbkdf2_sha1 - supports hash PBKDF2-based hash used by ↵Eli Collins2011-04-041-1/+52
| | | | Atlassian (eg Jira's cwd_user table)
* replaced "raise exc, msg" with "raise exc(msg)" everywhere (working on py3k ↵Eli Collins2011-03-281-11/+11
| | | | compat, changes made by 2to3)
* added support for a bunch of PBKDF2 hash schemesEli Collins2011-03-281-0/+319
* pbkdf2_sha1, pbkdf2_sha256, pbkdf2_sha512 -- 3 custom schemes defined by passlib * dlitz_pbkdf2_sha1 -- Dwayne Litzenberger's PBKDF2 crypt * grub_pbkdf2_sha512 -- Grub2's PBKDF2 hash format * two util support functions: adapted_b64_(encode|decode) * UTs and docs for all of the above
View Lorry Controller Status