This module implements the password-based key derivation function, PBKDF2, specified in RSA PKCS#5 v2.0.
Install from PyPI:
pip install pbkdf2
from PBKDF2 import PBKDF2 from Crypto.Cipher import AES import os salt = os.urandom(8) # 64-bit salt key = PBKDF2("This passphrase is a secret.", salt).read(32) # 256-bit key iv = os.urandom(16) # 128-bit IV cipher = AES.new(key, AES.MODE_CBC, iv) ...
from pbkdf2 import crypt pwhash = crypt("secret") alleged_pw = raw_input("Enter password: ") if pwhash == crypt(alleged_pw, pwhash): print "Password good" else: print "Invalid password"
>>> from pbkdf2 import crypt >>> crypt("secret") '$p5k2$$hi46RA73$aGBpfPOgOrgZLaHGweSQzJ5FLz4BsQVs' >>> crypt("secret", "XXXXXXXX") '$p5k2$$XXXXXXXX$L9mVVdq7upotdvtGvXTDTez3FIu3z0uG' >>> crypt("secret", "XXXXXXXX", 400) # 400 iterations (the default for crypt) '$p5k2$$XXXXXXXX$L9mVVdq7upotdvtGvXTDTez3FIu3z0uG' >>> crypt("spam", iterations=400) '$p5k2$$FRsH3HJB$SgRWDNmB2LukCy0OTal6LYLHZVgtOi7s' >>> crypt("spam", iterations=1000) # 1000 iterations '$p5k2$3e8$H0NX9mT/$wk/sE8vv6OMKuMaqazCJYDSUhWY9YB2J'