X-Git-Url: https://mudpy.org/gitweb?a=blobdiff_plain;f=lib%2Fmudpy%2Fpassword.py;h=96a14d8752ba08069559662cb86d3f8f0f9efd1a;hb=825fd8d09dc4c276a496d994b02293de2752f3e3;hp=b6b4be5044b8a0e9c764137794c7b50567574038;hpb=2a1119763de7805f617d8b62b8f0822969f3d7df;p=mudpy.git diff --git a/lib/mudpy/password.py b/lib/mudpy/password.py index b6b4be5..96a14d8 100644 --- a/lib/mudpy/password.py +++ b/lib/mudpy/password.py @@ -1,7 +1,7 @@ # -*- coding: utf-8 -*- """Password hashing functions and constants for the mudpy engine.""" -# Copyright (c) 2004-2013 Jeremy Stanley . Permission +# Copyright (c) 2004-2014 Jeremy Stanley . Permission # to use, copy, modify, and distribute this software is granted under # terms provided in the LICENSE file distributed with this software. @@ -23,7 +23,8 @@ SHA512 = 5 # hashlib.sha512 def _pack_bytes(numbers): - """ + """Make a packed byte sequence: + This is a wrapper around struct.pack, used to turn a list of integers between 0 and 255 into a packed sequence akin to a C-style string. """ @@ -36,7 +37,8 @@ def _pack_bytes(numbers): def _bytes_to_text(byte_sequence): - """ + """Generate printable representation of 8-bit data: + This is a wrapper around base64.b64encode with preferences appropriate for encoding Unix-style passwd hash strings. """ @@ -47,7 +49,8 @@ def _bytes_to_text(byte_sequence): def _generate_salt(salt_len=2): - """ + """Generate salt for a password hash: + This simply generates a sequence of pseudo-random characters (with 6-bits of effective entropy per character). Since it relies on base64 encoding (which operates on 6-bit chunks of data), we only generate @@ -62,7 +65,8 @@ def _generate_salt(salt_len=2): def upgrade_legacy_hash(legacy_hash, salt, sep="$"): - """ + """Upgrade an older password hash: + This utility function is meant to provide a migration path for users of mudpy's legacy account-name-salted MD5 hexdigest password hashes. By passing the old passhash (as legacy_hash) and name (as salt) @@ -95,7 +99,8 @@ def create( salt_len=2, sep="$" ): - """ + """Generate a password hash: + The meat of the module, this function takes a provided password and generates a Unix-like passwd hash suitable for storage in portable, text-based data files. The password is prepended with a salt (which @@ -163,11 +168,7 @@ def create( # number of times for i in range(2 ** rounds): hashed = algorithms[algorithm](hashed.encode("utf-8")).digest() - # TODO: remove this check after the switch to py3k - try: - hashed = "".join(format(x, "02x") for x in bytes(hashed)) - except ValueError: - hashed = "".join(format(ord(x), "02x") for x in bytes(hashed)) + hashed = "".join(format(x, "02x") for x in bytes(hashed)) # concatenate the output fields, coercing into text form as needed return "%s%s%s%s%s%s%s%s" % ( @@ -177,7 +178,8 @@ def create( def verify(password, encoded_hash): - """ + """Verify a password: + This simple function requires a text password and a mudpy-format password hash (as generated by the create function). It returns True if the password, hashed with the parameters from the encoded_hash,