This class provides an implementation of the PBKDF2-based hash used by Atlassian in Jira and other products. Note that unlike most PBKDF2 hashes supported by Passlib, this one uses a fixed number of rounds (10000). That is currently a sufficient amount, but it cannot be altered, so this scheme should only be used to read existing hashes and should not be used in new applications.
This class implements the PBKDF2 hash used by Atlassian.
It supports a fixed-length salt, and a fixed number of rounds.
The encrypt() and genconfig() methods accept the following optional keyword:
| Parameters: |
|
|---|
All of this scheme’s hashes have the format {PKCS5S2}data, where data is a 64-character base64-encoded string which, when decoded, contains a 16-byte salt and a 32-byte checksum.
An example hash (of password) is:
{PKCS5S2}DQIXJU038u4P7FdsuFTY/+35bm41kfjZa57UrdxHp2Mu3qF2uy+ooD+jF5t1tb8J
Once decoded, the salt value (in hexadecimal octets) is:
0d0217254d37f2ee0fec576cb854d8ff
and the checksum value (in hexadecimal octets) is:
edf96e6e3591f8d96b9ed4addc47a7632edea176bb2fa8a03fa3179b75b5bf09
When calculating the checksum, the password is encoded into UTF-8 if it is not already encoded. Using the specified salt and a fixed 10000 rounds, PBKDF2-HMAC-SHA1 is used to generate a 32-byte key, which is appended to the salt and encoded in base64.
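The format and checksum calculation described above can be reproduced with the Python standard library alone. This is an added example, not Passlib's own code; the function names parse_atlassian_hash and verify_atlassian_hash are hypothetical, and it only reads existing hashes, in line with the advice above.

```python
import base64
import binascii
import hashlib
import hmac

PREFIX = "{PKCS5S2}"
ROUNDS = 10000            # fixed by the scheme; not stored in the hash
SALT_LEN, CHK_LEN = 16, 32


def parse_atlassian_hash(hash_str):
    """Split a {PKCS5S2} hash into (salt, checksum); ValueError if malformed."""
    if not hash_str.startswith(PREFIX):
        raise ValueError("missing {PKCS5S2} prefix")
    data = hash_str[len(PREFIX):]
    if len(data) != 64:
        raise ValueError("expected 64 base64 characters")
    try:
        raw = base64.b64decode(data, validate=True)
    except binascii.Error as exc:
        raise ValueError("invalid base64 data") from exc
    if len(raw) != SALT_LEN + CHK_LEN:
        # 64 characters that include '=' padding decode to fewer than 48 bytes
        raise ValueError("decoded data is not salt + checksum")
    return raw[:SALT_LEN], raw[SALT_LEN:]


def verify_atlassian_hash(password, hash_str):
    """Return True if password matches the hash (constant-time comparison)."""
    salt, checksum = parse_atlassian_hash(hash_str)
    if isinstance(password, str):
        password = password.encode("utf-8")
    derived = hashlib.pbkdf2_hmac("sha1", password, salt, ROUNDS, dklen=CHK_LEN)
    return hmac.compare_digest(derived, checksum)


if __name__ == "__main__":
    # Example hash taken from the text above.
    example = ("{PKCS5S2}DQIXJU038u4P7FdsuFTY/+35bm41kfjZ"
               "a57UrdxHp2Mu3qF2uy+ooD+jF5t1tb8J")
    salt, checksum = parse_atlassian_hash(example)
    print("salt    :", salt.hex())
    print("checksum:", checksum.hex())
    print("matches 'password':", verify_atlassian_hash("password", example))
```

Malformed input raises ValueError rather than returning False, so a caller can tell a corrupted stored hash apart from a wrong password.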