feat: MVP completo - backend + frontend funcional con ETA y guia de separacion
This commit is contained in:
@@ -1 +0,0 @@
|
|||||||
pip
|
|
||||||
@@ -1,343 +0,0 @@
|
|||||||
Metadata-Version: 2.4
|
|
||||||
Name: bcrypt
|
|
||||||
Version: 5.0.0
|
|
||||||
Summary: Modern password hashing for your software and your servers
|
|
||||||
Author-email: The Python Cryptographic Authority developers <cryptography-dev@python.org>
|
|
||||||
License: Apache-2.0
|
|
||||||
Project-URL: homepage, https://github.com/pyca/bcrypt/
|
|
||||||
Classifier: Development Status :: 5 - Production/Stable
|
|
||||||
Classifier: License :: OSI Approved :: Apache Software License
|
|
||||||
Classifier: Programming Language :: Python :: Implementation :: CPython
|
|
||||||
Classifier: Programming Language :: Python :: Implementation :: PyPy
|
|
||||||
Classifier: Programming Language :: Python :: 3
|
|
||||||
Classifier: Programming Language :: Python :: 3 :: Only
|
|
||||||
Classifier: Programming Language :: Python :: 3.8
|
|
||||||
Classifier: Programming Language :: Python :: 3.9
|
|
||||||
Classifier: Programming Language :: Python :: 3.10
|
|
||||||
Classifier: Programming Language :: Python :: 3.11
|
|
||||||
Classifier: Programming Language :: Python :: 3.12
|
|
||||||
Classifier: Programming Language :: Python :: 3.13
|
|
||||||
Classifier: Programming Language :: Python :: 3.14
|
|
||||||
Classifier: Programming Language :: Python :: Free Threading :: 3 - Stable
|
|
||||||
Requires-Python: >=3.8
|
|
||||||
Description-Content-Type: text/x-rst
|
|
||||||
License-File: LICENSE
|
|
||||||
Provides-Extra: tests
|
|
||||||
Requires-Dist: pytest!=3.3.0,>=3.2.1; extra == "tests"
|
|
||||||
Provides-Extra: typecheck
|
|
||||||
Requires-Dist: mypy; extra == "typecheck"
|
|
||||||
Dynamic: license-file
|
|
||||||
|
|
||||||
bcrypt
|
|
||||||
======
|
|
||||||
|
|
||||||
.. image:: https://img.shields.io/pypi/v/bcrypt.svg
|
|
||||||
:target: https://pypi.org/project/bcrypt/
|
|
||||||
:alt: Latest Version
|
|
||||||
|
|
||||||
.. image:: https://github.com/pyca/bcrypt/workflows/CI/badge.svg?branch=main
|
|
||||||
:target: https://github.com/pyca/bcrypt/actions?query=workflow%3ACI+branch%3Amain
|
|
||||||
|
|
||||||
Acceptable password hashing for your software and your servers (but you should
|
|
||||||
really use argon2id or scrypt)
|
|
||||||
|
|
||||||
|
|
||||||
Installation
|
|
||||||
============
|
|
||||||
|
|
||||||
To install bcrypt, simply:
|
|
||||||
|
|
||||||
.. code:: console
|
|
||||||
|
|
||||||
$ pip install bcrypt
|
|
||||||
|
|
||||||
Note that bcrypt should build very easily on Linux provided you have a C
|
|
||||||
compiler and a Rust compiler (the minimum supported Rust version is 1.56.0).
|
|
||||||
|
|
||||||
For Debian and Ubuntu, the following command will ensure that the required dependencies are installed:
|
|
||||||
|
|
||||||
.. code:: console
|
|
||||||
|
|
||||||
$ sudo apt-get install build-essential cargo
|
|
||||||
|
|
||||||
For Fedora and RHEL-derivatives, the following command will ensure that the required dependencies are installed:
|
|
||||||
|
|
||||||
.. code:: console
|
|
||||||
|
|
||||||
$ sudo yum install gcc cargo
|
|
||||||
|
|
||||||
For Alpine, the following command will ensure that the required dependencies are installed:
|
|
||||||
|
|
||||||
.. code:: console
|
|
||||||
|
|
||||||
$ apk add --update musl-dev gcc cargo
|
|
||||||
|
|
||||||
|
|
||||||
Alternatives
|
|
||||||
============
|
|
||||||
|
|
||||||
While bcrypt remains an acceptable choice for password storage, depending on your specific use case you may also want to consider using scrypt (either via `standard library`_ or `cryptography`_) or argon2id via `argon2_cffi`_.
|
|
||||||
|
|
||||||
Changelog
|
|
||||||
=========
|
|
||||||
|
|
||||||
5.0.0
|
|
||||||
-----
|
|
||||||
|
|
||||||
* Bumped MSRV to 1.74.
|
|
||||||
* Added support for Python 3.14 and free-threaded Python 3.14.
|
|
||||||
* Added support for Windows on ARM.
|
|
||||||
* Passing ``hashpw`` a password longer than 72 bytes now raises a
|
|
||||||
``ValueError``. Previously the password was silently truncated, following the
|
|
||||||
behavior of the original OpenBSD ``bcrypt`` implementation.
|
|
||||||
|
|
||||||
4.3.0
|
|
||||||
-----
|
|
||||||
|
|
||||||
* Dropped support for Python 3.7.
|
|
||||||
* We now support free-threaded Python 3.13.
|
|
||||||
* We now support PyPy 3.11.
|
|
||||||
* We now publish wheels for free-threaded Python 3.13, for PyPy 3.11 on
|
|
||||||
``manylinux``, and for ARMv7l on ``manylinux``.
|
|
||||||
|
|
||||||
4.2.1
|
|
||||||
-----
|
|
||||||
|
|
||||||
* Bump Rust dependency versions - this should resolve crashes on Python 3.13
|
|
||||||
free-threaded builds.
|
|
||||||
* We no longer build ``manylinux`` wheels for PyPy 3.9.
|
|
||||||
|
|
||||||
4.2.0
|
|
||||||
-----
|
|
||||||
|
|
||||||
* Bump Rust dependency versions
|
|
||||||
* Removed the ``BCRYPT_ALLOW_RUST_163`` environment variable.
|
|
||||||
|
|
||||||
4.1.3
|
|
||||||
-----
|
|
||||||
|
|
||||||
* Bump Rust dependency versions
|
|
||||||
|
|
||||||
4.1.2
|
|
||||||
-----
|
|
||||||
|
|
||||||
* Publish both ``py37`` and ``py39`` wheels. This should resolve some errors
|
|
||||||
relating to initializing a module multiple times per process.
|
|
||||||
|
|
||||||
4.1.1
|
|
||||||
-----
|
|
||||||
|
|
||||||
* Fixed the type signature on the ``kdf`` method.
|
|
||||||
* Fixed packaging bug on Windows.
|
|
||||||
* Fixed incompatibility with passlib package detection assumptions.
|
|
||||||
|
|
||||||
4.1.0
|
|
||||||
-----
|
|
||||||
|
|
||||||
* Dropped support for Python 3.6.
|
|
||||||
* Bumped MSRV to 1.64. (Note: Rust 1.63 can be used by setting the ``BCRYPT_ALLOW_RUST_163`` environment variable)
|
|
||||||
|
|
||||||
4.0.1
|
|
||||||
-----
|
|
||||||
|
|
||||||
* We now build PyPy ``manylinux`` wheels.
|
|
||||||
* Fixed a bug where passing an invalid ``salt`` to ``checkpw`` could result in
|
|
||||||
a ``pyo3_runtime.PanicException``. It now correctly raises a ``ValueError``.
|
|
||||||
|
|
||||||
4.0.0
|
|
||||||
-----
|
|
||||||
|
|
||||||
* ``bcrypt`` is now implemented in Rust. Users building from source will need
|
|
||||||
to have a Rust compiler available. Nothing will change for users downloading
|
|
||||||
wheels.
|
|
||||||
* We no longer ship ``manylinux2010`` wheels. Users should upgrade to the latest
|
|
||||||
``pip`` to ensure this doesn’t cause issues downloading wheels on their
|
|
||||||
platform. We now ship ``manylinux_2_28`` wheels for users on new enough platforms.
|
|
||||||
* ``NUL`` bytes are now allowed in inputs.
|
|
||||||
|
|
||||||
|
|
||||||
3.2.2
|
|
||||||
-----
|
|
||||||
|
|
||||||
* Fixed packaging of ``py.typed`` files in wheels so that ``mypy`` works.
|
|
||||||
|
|
||||||
3.2.1
|
|
||||||
-----
|
|
||||||
|
|
||||||
* Added support for compilation on z/OS
|
|
||||||
* The next release of ``bcrypt`` with be 4.0 and it will require Rust at
|
|
||||||
compile time, for users building from source. There will be no additional
|
|
||||||
requirement for users who are installing from wheels. Users on most
|
|
||||||
platforms will be able to obtain a wheel by making sure they have an up to
|
|
||||||
date ``pip``. The minimum supported Rust version will be 1.56.0.
|
|
||||||
* This will be the final release for which we ship ``manylinux2010`` wheels.
|
|
||||||
Going forward the minimum supported manylinux ABI for our wheels will be
|
|
||||||
``manylinux2014``. The vast majority of users will continue to receive
|
|
||||||
``manylinux`` wheels provided they have an up to date ``pip``.
|
|
||||||
|
|
||||||
|
|
||||||
3.2.0
|
|
||||||
-----
|
|
||||||
|
|
||||||
* Added typehints for library functions.
|
|
||||||
* Dropped support for Python versions less than 3.6 (2.7, 3.4, 3.5).
|
|
||||||
* Shipped ``abi3`` Windows wheels (requires pip >= 20).
|
|
||||||
|
|
||||||
3.1.7
|
|
||||||
-----
|
|
||||||
|
|
||||||
* Set a ``setuptools`` lower bound for PEP517 wheel building.
|
|
||||||
* We no longer distribute 32-bit ``manylinux1`` wheels. Continuing to produce
|
|
||||||
them was a maintenance burden.
|
|
||||||
|
|
||||||
3.1.6
|
|
||||||
-----
|
|
||||||
|
|
||||||
* Added support for compilation on Haiku.
|
|
||||||
|
|
||||||
3.1.5
|
|
||||||
-----
|
|
||||||
|
|
||||||
* Added support for compilation on AIX.
|
|
||||||
* Dropped Python 2.6 and 3.3 support.
|
|
||||||
* Switched to using ``abi3`` wheels for Python 3. If you are not getting a
|
|
||||||
wheel on a compatible platform please upgrade your ``pip`` version.
|
|
||||||
|
|
||||||
3.1.4
|
|
||||||
-----
|
|
||||||
|
|
||||||
* Fixed compilation with mingw and on illumos.
|
|
||||||
|
|
||||||
3.1.3
|
|
||||||
-----
|
|
||||||
* Fixed a compilation issue on Solaris.
|
|
||||||
* Added a warning when using too few rounds with ``kdf``.
|
|
||||||
|
|
||||||
3.1.2
|
|
||||||
-----
|
|
||||||
* Fixed a compile issue affecting big endian platforms.
|
|
||||||
* Fixed invalid escape sequence warnings on Python 3.6.
|
|
||||||
* Fixed building in non-UTF8 environments on Python 2.
|
|
||||||
|
|
||||||
3.1.1
|
|
||||||
-----
|
|
||||||
* Resolved a ``UserWarning`` when used with ``cffi`` 1.8.3.
|
|
||||||
|
|
||||||
3.1.0
|
|
||||||
-----
|
|
||||||
* Added support for ``checkpw``, a convenience method for verifying a password.
|
|
||||||
* Ensure that you get a ``$2y$`` hash when you input a ``$2y$`` salt.
|
|
||||||
* Fixed a regression where ``$2a`` hashes were vulnerable to a wraparound bug.
|
|
||||||
* Fixed compilation under Alpine Linux.
|
|
||||||
|
|
||||||
3.0.0
|
|
||||||
-----
|
|
||||||
* Switched the C backend to code obtained from the OpenBSD project rather than
|
|
||||||
openwall.
|
|
||||||
* Added support for ``bcrypt_pbkdf`` via the ``kdf`` function.
|
|
||||||
|
|
||||||
2.0.0
|
|
||||||
-----
|
|
||||||
* Added support for an adjustible prefix when calling ``gensalt``.
|
|
||||||
* Switched to CFFI 1.0+
|
|
||||||
|
|
||||||
Usage
|
|
||||||
-----
|
|
||||||
|
|
||||||
Password Hashing
|
|
||||||
~~~~~~~~~~~~~~~~
|
|
||||||
|
|
||||||
Hashing and then later checking that a password matches the previous hashed
|
|
||||||
password is very simple:
|
|
||||||
|
|
||||||
.. code:: pycon
|
|
||||||
|
|
||||||
>>> import bcrypt
|
|
||||||
>>> password = b"super secret password"
|
|
||||||
>>> # Hash a password for the first time, with a randomly-generated salt
|
|
||||||
>>> hashed = bcrypt.hashpw(password, bcrypt.gensalt())
|
|
||||||
>>> # Check that an unhashed password matches one that has previously been
|
|
||||||
>>> # hashed
|
|
||||||
>>> if bcrypt.checkpw(password, hashed):
|
|
||||||
... print("It Matches!")
|
|
||||||
... else:
|
|
||||||
... print("It Does not Match :(")
|
|
||||||
|
|
||||||
KDF
|
|
||||||
~~~
|
|
||||||
|
|
||||||
As of 3.0.0 ``bcrypt`` now offers a ``kdf`` function which does ``bcrypt_pbkdf``.
|
|
||||||
This KDF is used in OpenSSH's newer encrypted private key format.
|
|
||||||
|
|
||||||
.. code:: pycon
|
|
||||||
|
|
||||||
>>> import bcrypt
|
|
||||||
>>> key = bcrypt.kdf(
|
|
||||||
... password=b'password',
|
|
||||||
... salt=b'salt',
|
|
||||||
... desired_key_bytes=32,
|
|
||||||
... rounds=100)
|
|
||||||
|
|
||||||
|
|
||||||
Adjustable Work Factor
|
|
||||||
~~~~~~~~~~~~~~~~~~~~~~
|
|
||||||
One of bcrypt's features is an adjustable logarithmic work factor. To adjust
|
|
||||||
the work factor merely pass the desired number of rounds to
|
|
||||||
``bcrypt.gensalt(rounds=12)`` which defaults to 12):
|
|
||||||
|
|
||||||
.. code:: pycon
|
|
||||||
|
|
||||||
>>> import bcrypt
|
|
||||||
>>> password = b"super secret password"
|
|
||||||
>>> # Hash a password for the first time, with a certain number of rounds
|
|
||||||
>>> hashed = bcrypt.hashpw(password, bcrypt.gensalt(14))
|
|
||||||
>>> # Check that a unhashed password matches one that has previously been
|
|
||||||
>>> # hashed
|
|
||||||
>>> if bcrypt.checkpw(password, hashed):
|
|
||||||
... print("It Matches!")
|
|
||||||
... else:
|
|
||||||
... print("It Does not Match :(")
|
|
||||||
|
|
||||||
|
|
||||||
Adjustable Prefix
|
|
||||||
~~~~~~~~~~~~~~~~~
|
|
||||||
|
|
||||||
Another one of bcrypt's features is an adjustable prefix to let you define what
|
|
||||||
libraries you'll remain compatible with. To adjust this, pass either ``2a`` or
|
|
||||||
``2b`` (the default) to ``bcrypt.gensalt(prefix=b"2b")`` as a bytes object.
|
|
||||||
|
|
||||||
As of 3.0.0 the ``$2y$`` prefix is still supported in ``hashpw`` but deprecated.
|
|
||||||
|
|
||||||
Maximum Password Length
|
|
||||||
~~~~~~~~~~~~~~~~~~~~~~~
|
|
||||||
|
|
||||||
The bcrypt algorithm only handles passwords up to 72 characters, any characters
|
|
||||||
beyond that are ignored. To work around this, a common approach is to hash a
|
|
||||||
password with a cryptographic hash (such as ``sha256``) and then base64
|
|
||||||
encode it to prevent NULL byte problems before hashing the result with
|
|
||||||
``bcrypt``:
|
|
||||||
|
|
||||||
.. code:: pycon
|
|
||||||
|
|
||||||
>>> password = b"an incredibly long password" * 10
|
|
||||||
>>> hashed = bcrypt.hashpw(
|
|
||||||
... base64.b64encode(hashlib.sha256(password).digest()),
|
|
||||||
... bcrypt.gensalt()
|
|
||||||
... )
|
|
||||||
|
|
||||||
Compatibility
|
|
||||||
-------------
|
|
||||||
|
|
||||||
This library should be compatible with py-bcrypt and it will run on Python
|
|
||||||
3.8+ (including free-threaded builds), and PyPy 3.
|
|
||||||
|
|
||||||
Security
|
|
||||||
--------
|
|
||||||
|
|
||||||
``bcrypt`` follows the `same security policy as cryptography`_, if you
|
|
||||||
identify a vulnerability, we ask you to contact us privately.
|
|
||||||
|
|
||||||
.. _`same security policy as cryptography`: https://cryptography.io/en/latest/security.html
|
|
||||||
.. _`standard library`: https://docs.python.org/3/library/hashlib.html#hashlib.scrypt
|
|
||||||
.. _`argon2_cffi`: https://argon2-cffi.readthedocs.io
|
|
||||||
.. _`cryptography`: https://cryptography.io/en/latest/hazmat/primitives/key-derivation-functions/#cryptography.hazmat.primitives.kdf.scrypt.Scrypt
|
|
||||||
@@ -1,11 +0,0 @@
|
|||||||
bcrypt-5.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
|
|
||||||
bcrypt-5.0.0.dist-info/METADATA,sha256=yV1BfLlI6udlVy23eNbzDa62DSEbUrlWvlLBCI6UAdI,10524
|
|
||||||
bcrypt-5.0.0.dist-info/RECORD,,
|
|
||||||
bcrypt-5.0.0.dist-info/WHEEL,sha256=WieEZvWpc0Erab6-NfTu9412g-GcE58js6gvBn3Q7B4,111
|
|
||||||
bcrypt-5.0.0.dist-info/licenses/LICENSE,sha256=gXPVwptPlW1TJ4HSuG5OMPg-a3h43OGMkZRR1rpwfJA,10850
|
|
||||||
bcrypt-5.0.0.dist-info/top_level.txt,sha256=BkR_qBzDbSuycMzHWE1vzXrfYecAzUVmQs6G2CukqNI,7
|
|
||||||
bcrypt/__init__.py,sha256=cv-NupIX6P7o6A4PK_F0ur6IZoDr3GnvyzFO9k16wKQ,1000
|
|
||||||
bcrypt/__init__.pyi,sha256=ITUCB9mPVU8sKUbJQMDUH5YfQXZb1O55F9qvKZR_o8I,333
|
|
||||||
bcrypt/__pycache__/__init__.cpython-312.pyc,,
|
|
||||||
bcrypt/_bcrypt.abi3.so,sha256=oFwJu4Gq44FqJDttx_oWpypfuUQ30BkCWzD2FhojdYw,631768
|
|
||||||
bcrypt/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
||||||
@@ -1,5 +0,0 @@
|
|||||||
Wheel-Version: 1.0
|
|
||||||
Generator: setuptools (80.9.0)
|
|
||||||
Root-Is-Purelib: false
|
|
||||||
Tag: cp39-abi3-manylinux_2_34_x86_64
|
|
||||||
|
|
||||||
@@ -1,201 +0,0 @@
|
|||||||
Apache License
|
|
||||||
Version 2.0, January 2004
|
|
||||||
http://www.apache.org/licenses/
|
|
||||||
|
|
||||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
|
||||||
|
|
||||||
1. Definitions.
|
|
||||||
|
|
||||||
"License" shall mean the terms and conditions for use, reproduction,
|
|
||||||
and distribution as defined by Sections 1 through 9 of this document.
|
|
||||||
|
|
||||||
"Licensor" shall mean the copyright owner or entity authorized by
|
|
||||||
the copyright owner that is granting the License.
|
|
||||||
|
|
||||||
"Legal Entity" shall mean the union of the acting entity and all
|
|
||||||
other entities that control, are controlled by, or are under common
|
|
||||||
control with that entity. For the purposes of this definition,
|
|
||||||
"control" means (i) the power, direct or indirect, to cause the
|
|
||||||
direction or management of such entity, whether by contract or
|
|
||||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
|
||||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
|
||||||
|
|
||||||
"You" (or "Your") shall mean an individual or Legal Entity
|
|
||||||
exercising permissions granted by this License.
|
|
||||||
|
|
||||||
"Source" form shall mean the preferred form for making modifications,
|
|
||||||
including but not limited to software source code, documentation
|
|
||||||
source, and configuration files.
|
|
||||||
|
|
||||||
"Object" form shall mean any form resulting from mechanical
|
|
||||||
transformation or translation of a Source form, including but
|
|
||||||
not limited to compiled object code, generated documentation,
|
|
||||||
and conversions to other media types.
|
|
||||||
|
|
||||||
"Work" shall mean the work of authorship, whether in Source or
|
|
||||||
Object form, made available under the License, as indicated by a
|
|
||||||
copyright notice that is included in or attached to the work
|
|
||||||
(an example is provided in the Appendix below).
|
|
||||||
|
|
||||||
"Derivative Works" shall mean any work, whether in Source or Object
|
|
||||||
form, that is based on (or derived from) the Work and for which the
|
|
||||||
editorial revisions, annotations, elaborations, or other modifications
|
|
||||||
represent, as a whole, an original work of authorship. For the purposes
|
|
||||||
of this License, Derivative Works shall not include works that remain
|
|
||||||
separable from, or merely link (or bind by name) to the interfaces of,
|
|
||||||
the Work and Derivative Works thereof.
|
|
||||||
|
|
||||||
"Contribution" shall mean any work of authorship, including
|
|
||||||
the original version of the Work and any modifications or additions
|
|
||||||
to that Work or Derivative Works thereof, that is intentionally
|
|
||||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
|
||||||
or by an individual or Legal Entity authorized to submit on behalf of
|
|
||||||
the copyright owner. For the purposes of this definition, "submitted"
|
|
||||||
means any form of electronic, verbal, or written communication sent
|
|
||||||
to the Licensor or its representatives, including but not limited to
|
|
||||||
communication on electronic mailing lists, source code control systems,
|
|
||||||
and issue tracking systems that are managed by, or on behalf of, the
|
|
||||||
Licensor for the purpose of discussing and improving the Work, but
|
|
||||||
excluding communication that is conspicuously marked or otherwise
|
|
||||||
designated in writing by the copyright owner as "Not a Contribution."
|
|
||||||
|
|
||||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
|
||||||
on behalf of whom a Contribution has been received by Licensor and
|
|
||||||
subsequently incorporated within the Work.
|
|
||||||
|
|
||||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
|
||||||
this License, each Contributor hereby grants to You a perpetual,
|
|
||||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
|
||||||
copyright license to reproduce, prepare Derivative Works of,
|
|
||||||
publicly display, publicly perform, sublicense, and distribute the
|
|
||||||
Work and such Derivative Works in Source or Object form.
|
|
||||||
|
|
||||||
3. Grant of Patent License. Subject to the terms and conditions of
|
|
||||||
this License, each Contributor hereby grants to You a perpetual,
|
|
||||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
|
||||||
(except as stated in this section) patent license to make, have made,
|
|
||||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
|
||||||
where such license applies only to those patent claims licensable
|
|
||||||
by such Contributor that are necessarily infringed by their
|
|
||||||
Contribution(s) alone or by combination of their Contribution(s)
|
|
||||||
with the Work to which such Contribution(s) was submitted. If You
|
|
||||||
institute patent litigation against any entity (including a
|
|
||||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
|
||||||
or a Contribution incorporated within the Work constitutes direct
|
|
||||||
or contributory patent infringement, then any patent licenses
|
|
||||||
granted to You under this License for that Work shall terminate
|
|
||||||
as of the date such litigation is filed.
|
|
||||||
|
|
||||||
4. Redistribution. You may reproduce and distribute copies of the
|
|
||||||
Work or Derivative Works thereof in any medium, with or without
|
|
||||||
modifications, and in Source or Object form, provided that You
|
|
||||||
meet the following conditions:
|
|
||||||
|
|
||||||
(a) You must give any other recipients of the Work or
|
|
||||||
Derivative Works a copy of this License; and
|
|
||||||
|
|
||||||
(b) You must cause any modified files to carry prominent notices
|
|
||||||
stating that You changed the files; and
|
|
||||||
|
|
||||||
(c) You must retain, in the Source form of any Derivative Works
|
|
||||||
that You distribute, all copyright, patent, trademark, and
|
|
||||||
attribution notices from the Source form of the Work,
|
|
||||||
excluding those notices that do not pertain to any part of
|
|
||||||
the Derivative Works; and
|
|
||||||
|
|
||||||
(d) If the Work includes a "NOTICE" text file as part of its
|
|
||||||
distribution, then any Derivative Works that You distribute must
|
|
||||||
include a readable copy of the attribution notices contained
|
|
||||||
within such NOTICE file, excluding those notices that do not
|
|
||||||
pertain to any part of the Derivative Works, in at least one
|
|
||||||
of the following places: within a NOTICE text file distributed
|
|
||||||
as part of the Derivative Works; within the Source form or
|
|
||||||
documentation, if provided along with the Derivative Works; or,
|
|
||||||
within a display generated by the Derivative Works, if and
|
|
||||||
wherever such third-party notices normally appear. The contents
|
|
||||||
of the NOTICE file are for informational purposes only and
|
|
||||||
do not modify the License. You may add Your own attribution
|
|
||||||
notices within Derivative Works that You distribute, alongside
|
|
||||||
or as an addendum to the NOTICE text from the Work, provided
|
|
||||||
that such additional attribution notices cannot be construed
|
|
||||||
as modifying the License.
|
|
||||||
|
|
||||||
You may add Your own copyright statement to Your modifications and
|
|
||||||
may provide additional or different license terms and conditions
|
|
||||||
for use, reproduction, or distribution of Your modifications, or
|
|
||||||
for any such Derivative Works as a whole, provided Your use,
|
|
||||||
reproduction, and distribution of the Work otherwise complies with
|
|
||||||
the conditions stated in this License.
|
|
||||||
|
|
||||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
|
||||||
any Contribution intentionally submitted for inclusion in the Work
|
|
||||||
by You to the Licensor shall be under the terms and conditions of
|
|
||||||
this License, without any additional terms or conditions.
|
|
||||||
Notwithstanding the above, nothing herein shall supersede or modify
|
|
||||||
the terms of any separate license agreement you may have executed
|
|
||||||
with Licensor regarding such Contributions.
|
|
||||||
|
|
||||||
6. Trademarks. This License does not grant permission to use the trade
|
|
||||||
names, trademarks, service marks, or product names of the Licensor,
|
|
||||||
except as required for reasonable and customary use in describing the
|
|
||||||
origin of the Work and reproducing the content of the NOTICE file.
|
|
||||||
|
|
||||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
|
||||||
agreed to in writing, Licensor provides the Work (and each
|
|
||||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
|
||||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
|
||||||
implied, including, without limitation, any warranties or conditions
|
|
||||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
|
||||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
|
||||||
appropriateness of using or redistributing the Work and assume any
|
|
||||||
risks associated with Your exercise of permissions under this License.
|
|
||||||
|
|
||||||
8. Limitation of Liability. In no event and under no legal theory,
|
|
||||||
whether in tort (including negligence), contract, or otherwise,
|
|
||||||
unless required by applicable law (such as deliberate and grossly
|
|
||||||
negligent acts) or agreed to in writing, shall any Contributor be
|
|
||||||
liable to You for damages, including any direct, indirect, special,
|
|
||||||
incidental, or consequential damages of any character arising as a
|
|
||||||
result of this License or out of the use or inability to use the
|
|
||||||
Work (including but not limited to damages for loss of goodwill,
|
|
||||||
work stoppage, computer failure or malfunction, or any and all
|
|
||||||
other commercial damages or losses), even if such Contributor
|
|
||||||
has been advised of the possibility of such damages.
|
|
||||||
|
|
||||||
9. Accepting Warranty or Additional Liability. While redistributing
|
|
||||||
the Work or Derivative Works thereof, You may choose to offer,
|
|
||||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
|
||||||
or other liability obligations and/or rights consistent with this
|
|
||||||
License. However, in accepting such obligations, You may act only
|
|
||||||
on Your own behalf and on Your sole responsibility, not on behalf
|
|
||||||
of any other Contributor, and only if You agree to indemnify,
|
|
||||||
defend, and hold each Contributor harmless for any liability
|
|
||||||
incurred by, or claims asserted against, such Contributor by reason
|
|
||||||
of your accepting any such warranty or additional liability.
|
|
||||||
|
|
||||||
END OF TERMS AND CONDITIONS
|
|
||||||
|
|
||||||
APPENDIX: How to apply the Apache License to your work.
|
|
||||||
|
|
||||||
To apply the Apache License to your work, attach the following
|
|
||||||
boilerplate notice, with the fields enclosed by brackets "[]"
|
|
||||||
replaced with your own identifying information. (Don't include
|
|
||||||
the brackets!) The text should be enclosed in the appropriate
|
|
||||||
comment syntax for the file format. We also recommend that a
|
|
||||||
file or class name and description of purpose be included on the
|
|
||||||
same "printed page" as the copyright notice for easier
|
|
||||||
identification within third-party archives.
|
|
||||||
|
|
||||||
Copyright [yyyy] [name of copyright owner]
|
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
you may not use this file except in compliance with the License.
|
|
||||||
You may obtain a copy of the License at
|
|
||||||
|
|
||||||
http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
|
|
||||||
Unless required by applicable law or agreed to in writing, software
|
|
||||||
distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
See the License for the specific language governing permissions and
|
|
||||||
limitations under the License.
|
|
||||||
@@ -1 +0,0 @@
|
|||||||
bcrypt
|
|
||||||
@@ -1,3 +1,7 @@
|
|||||||
|
# Author:: Donald Stufft (<donald@stufft.io>)
|
||||||
|
# Copyright:: Copyright (c) 2013 Donald Stufft
|
||||||
|
# License:: Apache License, Version 2.0
|
||||||
|
#
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
# you may not use this file except in compliance with the License.
|
# you may not use this file except in compliance with the License.
|
||||||
# You may obtain a copy of the License at
|
# You may obtain a copy of the License at
|
||||||
@@ -9,8 +13,14 @@
|
|||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
from __future__ import absolute_import
|
||||||
|
from __future__ import division
|
||||||
|
|
||||||
from ._bcrypt import (
|
import hmac
|
||||||
|
import os
|
||||||
|
import warnings
|
||||||
|
|
||||||
|
from .__about__ import (
|
||||||
__author__,
|
__author__,
|
||||||
__copyright__,
|
__copyright__,
|
||||||
__email__,
|
__email__,
|
||||||
@@ -18,26 +28,100 @@ from ._bcrypt import (
|
|||||||
__summary__,
|
__summary__,
|
||||||
__title__,
|
__title__,
|
||||||
__uri__,
|
__uri__,
|
||||||
checkpw,
|
__version__,
|
||||||
gensalt,
|
|
||||||
hashpw,
|
|
||||||
kdf,
|
|
||||||
)
|
|
||||||
from ._bcrypt import (
|
|
||||||
__version_ex__ as __version__,
|
|
||||||
)
|
)
|
||||||
|
from . import _bcrypt # noqa: I100
|
||||||
|
|
||||||
|
|
||||||
__all__ = [
|
__all__ = [
|
||||||
"__author__",
|
|
||||||
"__copyright__",
|
|
||||||
"__email__",
|
|
||||||
"__license__",
|
|
||||||
"__summary__",
|
|
||||||
"__title__",
|
"__title__",
|
||||||
|
"__summary__",
|
||||||
"__uri__",
|
"__uri__",
|
||||||
"__version__",
|
"__version__",
|
||||||
"checkpw",
|
"__author__",
|
||||||
|
"__email__",
|
||||||
|
"__license__",
|
||||||
|
"__copyright__",
|
||||||
"gensalt",
|
"gensalt",
|
||||||
"hashpw",
|
"hashpw",
|
||||||
"kdf",
|
"kdf",
|
||||||
|
"checkpw",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
def gensalt(rounds: int = 12, prefix: bytes = b"2b") -> bytes:
|
||||||
|
if prefix not in (b"2a", b"2b"):
|
||||||
|
raise ValueError("Supported prefixes are b'2a' or b'2b'")
|
||||||
|
|
||||||
|
if rounds < 4 or rounds > 31:
|
||||||
|
raise ValueError("Invalid rounds")
|
||||||
|
|
||||||
|
salt = os.urandom(16)
|
||||||
|
output = _bcrypt.encode_base64(salt)
|
||||||
|
|
||||||
|
return (
|
||||||
|
b"$"
|
||||||
|
+ prefix
|
||||||
|
+ b"$"
|
||||||
|
+ ("%2.2u" % rounds).encode("ascii")
|
||||||
|
+ b"$"
|
||||||
|
+ output
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
def hashpw(password: bytes, salt: bytes) -> bytes:
|
||||||
|
if isinstance(password, str) or isinstance(salt, str):
|
||||||
|
raise TypeError("Strings must be encoded before hashing")
|
||||||
|
|
||||||
|
# bcrypt originally suffered from a wraparound bug:
|
||||||
|
# http://www.openwall.com/lists/oss-security/2012/01/02/4
|
||||||
|
# This bug was corrected in the OpenBSD source by truncating inputs to 72
|
||||||
|
# bytes on the updated prefix $2b$, but leaving $2a$ unchanged for
|
||||||
|
# compatibility. However, pyca/bcrypt 2.0.0 *did* correctly truncate inputs
|
||||||
|
# on $2a$, so we do it here to preserve compatibility with 2.0.0
|
||||||
|
password = password[:72]
|
||||||
|
|
||||||
|
return _bcrypt.hashpass(password, salt)
|
||||||
|
|
||||||
|
|
||||||
|
def checkpw(password: bytes, hashed_password: bytes) -> bool:
|
||||||
|
if isinstance(password, str) or isinstance(hashed_password, str):
|
||||||
|
raise TypeError("Strings must be encoded before checking")
|
||||||
|
|
||||||
|
ret = hashpw(password, hashed_password)
|
||||||
|
return hmac.compare_digest(ret, hashed_password)
|
||||||
|
|
||||||
|
|
||||||
|
def kdf(
|
||||||
|
password: bytes,
|
||||||
|
salt: bytes,
|
||||||
|
desired_key_bytes: int,
|
||||||
|
rounds: int,
|
||||||
|
ignore_few_rounds: bool = False,
|
||||||
|
) -> bytes:
|
||||||
|
if isinstance(password, str) or isinstance(salt, str):
|
||||||
|
raise TypeError("Strings must be encoded before hashing")
|
||||||
|
|
||||||
|
if len(password) == 0 or len(salt) == 0:
|
||||||
|
raise ValueError("password and salt must not be empty")
|
||||||
|
|
||||||
|
if desired_key_bytes <= 0 or desired_key_bytes > 512:
|
||||||
|
raise ValueError("desired_key_bytes must be 1-512")
|
||||||
|
|
||||||
|
if rounds < 1:
|
||||||
|
raise ValueError("rounds must be 1 or more")
|
||||||
|
|
||||||
|
if rounds < 50 and not ignore_few_rounds:
|
||||||
|
# They probably think bcrypt.kdf()'s rounds parameter is logarithmic,
|
||||||
|
# expecting this value to be slow enough (it probably would be if this
|
||||||
|
# were bcrypt). Emit a warning.
|
||||||
|
warnings.warn(
|
||||||
|
(
|
||||||
|
"Warning: bcrypt.kdf() called with only {0} round(s). "
|
||||||
|
"This few is not secure: the parameter is linear, like PBKDF2."
|
||||||
|
).format(rounds),
|
||||||
|
UserWarning,
|
||||||
|
stacklevel=2,
|
||||||
|
)
|
||||||
|
|
||||||
|
return _bcrypt.pbkdf(password, salt, rounds, desired_key_bytes)
|
||||||
|
|||||||
@@ -1,10 +0,0 @@
|
|||||||
def gensalt(rounds: int = 12, prefix: bytes = b"2b") -> bytes: ...
|
|
||||||
def hashpw(password: bytes, salt: bytes) -> bytes: ...
|
|
||||||
def checkpw(password: bytes, hashed_password: bytes) -> bool: ...
|
|
||||||
def kdf(
|
|
||||||
password: bytes,
|
|
||||||
salt: bytes,
|
|
||||||
desired_key_bytes: int,
|
|
||||||
rounds: int,
|
|
||||||
ignore_few_rounds: bool = False,
|
|
||||||
) -> bytes: ...
|
|
||||||
Binary file not shown.
Binary file not shown.
Reference in New Issue
Block a user