This module provides security-related helpers such as secure password hashing tools and a random string generator.
webapp2_extras.security.generate_random_string(length=0, entropy=0, pool='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789')

Generates a random string using the given sequence pool.
To generate stronger passwords, use ASCII_PRINTABLE as pool.
Entropy is:
H = log2(N**L)
where:
Entropy chart:

Symbol set | Symbol count (N) | Entropy per symbol (H) |
---|---|---|
HEXADECIMAL_DIGITS | 16 | 4.0000 bits |
DIGITS | 10 | 3.3219 bits |
LOWERCASE_ALPHA | 26 | 4.7004 bits |
UPPERCASE_ALPHA | 26 | 4.7004 bits |
PUNCTUATION | 32 | 5.0000 bits |
LOWERCASE_ALPHANUMERIC | 36 | 5.1699 bits |
UPPERCASE_ALPHANUMERIC | 36 | 5.1699 bits |
ALPHA | 52 | 5.7004 bits |
ALPHANUMERIC | 62 | 5.9542 bits |
ASCII_PRINTABLE | 94 | 6.5546 bits |
ALL_PRINTABLE | 100 | 6.6438 bits |
Parameters: | |
---|---|
Returns: | A string with characters randomly chosen from the pool. |
webapp2_extras.security.generate_password_hash(password, method='sha1', length=22, pepper=None)

Hashes a password.
The format of the string returned includes the method that was used so that check_password_hash() can check the hash.
This method cannot generate unsalted passwords, but the method can be set to plain to enforce plaintext passwords. If a salt is used, hmac is used internally to salt the password.
Parameters: | |
---|---|
Returns: | A formatted hashed string that looks like this: method$salt$hash |
This function was ported and adapted from Werkzeug.
webapp2_extras.security.check_password_hash(password, pwhash, pepper=None)

Checks a password against a given salted and hashed password value.
To support unsalted legacy passwords, this method accepts plaintext passwords and md5 and sha1 hashes (both salted and unsalted).
Parameters: | |
---|---|
Returns: | True if the password matched, False otherwise. |
This function was ported and adapted from Werkzeug.
webapp2_extras.security.hash_password(password, method, salt=None, pepper=None)

Hashes a password.
Supports plaintext without salt, as well as unsalted and salted passwords. When salted passwords are used, hmac is used.
Parameters: | |
---|---|
Returns: | A hashed password. |
This function was ported and adapted from Werkzeug.
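
The method$salt$hash format and the legacy cases accepted by check_password_hash() can be modelled with the standard library alone. This is an added example, not webapp2's own code. The names make_hash, verify and classify are hypothetical, the pepper is left out, and the empty salt field for plain and unsalted values is an assumption.

```python
import hashlib
import hmac
import secrets

POOL = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

def _digest(password, method, salt):
    """Plain text, unsalted digest, or HMAC keyed with the salt."""
    if method == "plain":
        return password
    data = password.encode("utf-8")
    if salt:
        return hmac.new(salt.encode("utf-8"), data, method).hexdigest()
    return hashlib.new(method, data).hexdigest()

def make_hash(password, method="sha1", length=22):
    """Build a method$salt$hash string; only 'plain' gets an empty salt."""
    salt = "" if method == "plain" else "".join(
        secrets.choice(POOL) for _ in range(length))
    return "$".join((method, salt, _digest(password, method, salt)))

def verify(password, pwhash):
    """Recompute from the stored method and salt; compare in constant time."""
    parts = pwhash.split("$", 2)
    if len(parts) != 3:
        return False
    method, salt, stored = parts
    try:
        candidate = _digest(password, method, salt)
    except (ValueError, TypeError):  # unknown or empty method name
        return False
    return hmac.compare_digest(candidate.encode("utf-8"), stored.encode("utf-8"))

def classify(pwhash):
    """Label a stored value so weak legacy records can be re-hashed at next login."""
    parts = pwhash.split("$", 2)
    if len(parts) != 3:
        return "malformed"
    method, salt, _ = parts
    if method == "plain":
        return "plaintext"
    if not salt:
        return "unsalted"
    return "salted-legacy" if method in ("md5", "sha1") else "salted"
```

Running classify over a user table shows which records still rely on the legacy modes. None of these methods is a slow key-derivation function, so "salted" here means only that a salt is present.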