linotp.lib.ext.pbkdf2 module

class linotp.lib.ext.pbkdf2.PBKDF2(passphrase, salt, iterations=1000, digestmodule=<module 'Cryptodome.Hash.SHA' from '/usr/lib/python2.7/dist-packages/Cryptodome/Hash/SHA.pyc'>, macmodule=<module 'Cryptodome.Hash.HMAC' from '/usr/lib/python2.7/dist-packages/Cryptodome/Hash/HMAC.pyc'>)[source]

Bases: object

PBKDF2.py : PKCS#5 v2.0 Password-Based Key Derivation

This implementation takes a passphrase and a salt (and optionally an iteration count, a digest module, and a MAC module) and provides a file-like object from which an arbitrarily-sized key can be read.

If the passphrase and/or salt are unicode objects, they are encoded as UTF-8 before they are processed.

The idea behind PBKDF2 is to derive a cryptographic key from a passphrase and a salt.

PBKDF2 may also be used as a strong salted password hash. The ‘crypt’ function is provided for that purpose.

Remember: Keys generated using PBKDF2 are only as strong as the passphrases they are derived from.

close()[source]

Close the stream.

static crypt(word, salt=None, iterations=None)

PBKDF2-based unix crypt(3) replacement.

The number of iterations specified in the salt overrides the ‘iterations’ parameter.

The effective hash length is 192 bits.

hexread(octets)[source]

Read the specified number of octets. Return them as hexadecimal.

Note that len(obj.hexread(n)) == 2*n.

read(bytes)[source]

Read the specified number of key bytes.

linotp.lib.ext.pbkdf2.crypt(word, salt=None, iterations=None)[source]

PBKDF2-based unix crypt(3) replacement.

The number of iterations specified in the salt overrides the ‘iterations’ parameter.

The effective hash length is 192 bits.