python的惯用argon2密码散列
argonautica的Python项目详细描述
阿贡尤蒂卡PY
概述
argonautica是一个用于散列密码的python包,它使用加密安全的argon2算法。
Argon2在2015年赢得了密码散列竞赛,这是一个为期数年的项目,旨在确定BCRYPT的继任者。scrypt,以及其他常见的散列算法。
argonautica的构建考虑了一个简单的用例:散列存储在 网站数据库。也就是说,它也是"功能完整的",意味着你可以用它做任何事情 argon2的cannonical实现 您可以使用Argonautica*
事实上,Argonautica的一个特性甚至是Cannonical C实现 缺少,即使用密钥散列密码(C实现实现了这一点,但是 不公开)
备选方案
有几个实现argon2的python包,包括优秀的passlibpasslib,它使用了argon2\u cffi,但是…
afaik,argonautica是argon2的唯一一个支持使用密钥散列的python实现。甚至连argon2的cannonical c实现都没有公开公开这个特性(它在代码中,但不幸的是不能通过公共api访问)。
argonautica是argon2的唯一一个python实现,它使用simd指令来创建它的散列算法,这意味着它可以相当快。缺点是您必须为特定的机器编译它(这就是为什么
pip install argonautica
过程需要时间的原因)。也就是说,在开发人员2014年初的MacBook Air上,它已经通过avx2提供了simd指令,在默认设置下,argonautica的运行速度比passlib快30%。argonutica支持最新的argon2变体:argon2id,除非您有理由不使用,否则应该使用它。许多python实现还不支持这种变体。
最后,argonautica是argon2的唯一python实现,它是用">锈(与C或C++相反)。rust是一种"系统编程语言,运行速度极快,防止segfults,保证线程安全。"
要求
安装
- 生锈:
- llvm:
- MacOS:
Brew安装LLVM
,这需要自制 - 基于debian的linux:apt get install llvm dev libclang dev clang
- Arch Linux:
pacman-s clang
- 其他Linux:使用发行版的包管理器
- windows:在这里下载预构建的二进制文件
- MacOS:
- 阿贡尤蒂卡:
pip install——升级pip
或pip install setuptools rust
。注意:如果您的PIP版本为10.0或更高版本,则不需要安装工具生锈pip安装argonautica
。不幸的是,这个步骤可能需要几分钟的时间,因为argonautica需要为您的特定cpu编译它的rust代码(由于它使用simd指令)。然而,好处是,一旦编译完成,argonautica应该运行得非常快
用法
散列
fromargonauticaimportHasherhasher=Hasher(secret_key='somesecret')hash=hasher.hash(password='P@ssw0rd')print(hash)# ? prints a random hash as the defeault `Hasher` uses a random salt by default
验证
fromargonauticaimportVerifierverifier=Verifier(secret_key='somesecret')is_valid=verifier.verify(hash='$argon2id$v=19$m=4096,t=192,p=2$ULwasg5z5byOAork0UEhoTBVxIvAafKuceNz9NdCVXU$YxhaPnqRDys',password='P@ssw0rd',)assert(is_valid)
配置
fromargonauticaimportHasher,Verifierfromargonautica.configimportBackend,Variant,Versionhasher=Hasher(secret_key=None)# ? A secret key (passed as a keyword argument) is required to instantiate a# Hasher, a Verifier, or an Argon2, but you are allowed to pass `None`# in order to forgo using a secret key (this is not recommended)hasher.additional_data=None# Default is None# ? Although rarely used, argon2 allows you to hash a password# with not only salt and a secret key, but also with "additional data",# which acts as a kind of secondary secret key. Like a secret key, it affects# the outcome of the hash and is not stored in the string-encoded output, meaning# later, to verify against a hash created with additional data, you will need to# supply the same additional data manually to the Verifier (just like you have to# do with a secret key). Again, this is rarely used.hasher.backend=Backend.C# Default is Backend.C# ? argonautica was designed to support multiple backends (meaning multiple# implementations of the underlying argon2 algorithm). Currently only the# C backend is supported, which uses the cannonical argon2 library written# in C to actually do the work. In the future a Rust backend will also be# supported, but, for the moment, you must use Backend.C, which is the# default. Using Backend.Rust will result in an error (again, for the# moment).hasher.hash_len=32# Default is 32# ? The hash length in bytes is configurable. The default is 32.# This is probably a good number to use. 16 is also probably fine.# You probably shouldn't go below 16hasher.iterations=192# Default is 192# ? Argon2 has a notion of "iterations" or "time cost". All else equal# and generally speaking, the greater the number of iterations, the# longer it takes to perform the hash and the more secure the resulting# hash. More iterations basically means more CPU load. This and "memory# size" (see below) are the two primary parameters to adjust in order# to increase or decrease the security of your hash. The default is# 192 iterations, which was chosen because, along with the default# memory size of 4096, this leads to a hashing time of approximately# 300 milliseconds on the early-2014 Macbook Air that is the developer's# machine. If you're going to use argonautica in production, you should# probably tweak this parameter (and the memory size parameter) in order# to increase the time it takes to hash to the maximum you can# reasonably allow for your use-case (e.g. to probably about 300-500# milliseconds for the use-case of hashing user passwords for a website)hasher.lanes=2# Default is multiprocessing.cpu_count()# ? Argon2 can break up its work into one or more "lanes" during some parts of# the hashing algorithm. If you configure it with multiple lanes and you also# use multiple threads (see below) the hashing algorithm will performed its# work in parallel in some parts, potentially speeding up the time it takes to# produce a hash without diminishing the security of the result. By default,# the number of lanes is set to the number of logical cores on your machinehasher.memory_size=4096# Default is 4096# ? Argon2 has a notion of "memory size" or "memory cost" (in kibibytes). All else# equal and generally speaking, the greater the memory size, the longer it takes to# perform the hash and the more secure the resulting hash. More memory size basically# means more memory used. This and "iterations" (see above) are, again, generally# speaking, the two parameters to adjust in order to increase or decrease the# security of your hash. The default is 4096 kibibytes, which was chosen because,# again, along with the default iterations of 192, this leads to a hashing time of# approximately 300 milliseconds on the early-2014 Macbook Air that is the# developer's machine. If you're going to use argonautica in production, you should# probably tweak this parameter (and the iterations parameter) in order to increase# the time it takes to hash to the maximum you can reasonably allow for your use-case# (e.g. to probably about 300-500 milliseconds for the use-case of hashing user# passwords for a website)hasher.threads=2# Default is multiprocessing.cpu_count()# ? If you have configured a Hasher to use more than one lane (see above), you# can get the hashing algorithm to run in parallel during some parts of the# computation by setting the number of threads to be greater than one as well,# potentially speeding up the time it takes to produce a hash without diminishing# the security of the result. By default, the number of threads is set to the number# of logical cores on your machine. If you set the number of threads to a number# greater than the number of lanes, `Hasher` will automatically reduce the number# of threads to the number of laneshasher.variant=Variant.Argon2id# Default is Variant.Argon2id# ? Argon2 has three variants: Argon2d, Argon2i, and Argon2id. Here is how these# variants are explained in the RFC: "Argon2 has one primary variant: Argon2id,# and two supplementary variants: Argon2d and Argon2i. Argon2d uses data-dependent# memory access, which makes it suitable for ... applications with no threats from# side-channel timing attacks. Argon2i uses data-independent memory access, which# is preferred for password hashing and password-based key derivation. Argon2id# works as Argon2i for the first half of the first iteration over the memory, and# as Argon2d for the rest, thus providing both side-channel attack protection and# brute-force cost savings due to time-memory tradeoffs." If you do not know which# variant to use, use the default, which is Argon2idhasher.version=Version._0x13# Default is Version._0x13# ? Argon2 has two versions: 0x10 and 0x13. The latest version is 0x13 (as of 5/18).# Unless you have a very specific reason not to, you should use the latest# version (0x13), which is also the defaulthash=hasher.hash(password='P@ssw0rd',salt='somesalt',# You can set your own salt, or use the default: RandomSalt(32))assert(hash=='$argon2id$v=19$m=4096,t=192,p=2$c29tZXNhbHQ$8nD3gRm+NeOcIiIrlnzDAdnK4iD+K0mVqFXowGs13M4')verifier=Verifier(secret_key=None)verifier.additional_data=None# As with Hasher, you can configure a Verifier's additional dataverifier.backend=Backend.C# As with Hasher, you can configure a Verifier's backendverifier.threads=2# As with Hasher, you can configure a Verifier's threadsis_valid=verifier.verify(hash=hash,password='P@ssw0rd')assert(is_valid)
其他
mypy
- argonautica在代码中的任何地方都使用mypy类型注释,在作者看来,这是一种非常有用的文档形式;因此,如果您对用于参数的类型感到困惑,只需打开代码并查看函数签名即可。
argon2
argon2
是一个方便类,它同时包含一个hasher
和一个verifier
。如果您只想使用一个知道如何散列和验证的类,请实例化一个argon2
。它的工作方式与hasher
和verifier
的工作方式基本相同。
fromargonauticaimportArgon2argon2=Argon2(secret_key='somesecret')hash=argon2.hash(password='P@ssw0rd')print(hash)is_valid=argon2.verify(hash=hash,password='P@ssw0rd')assert(is_valid)
随机盐
random salt
是一种特殊的salt,它将在每个散列之前创建新的随机salt字节。随机盐知道它的长度(字节数)。默认的散列器使用长度为32字节的randomsalt,但您可以使用自定义长度的randomsalt。当您实例化一个random salt时,构造函数需要一个长度,例如my_randomsalt=randomsalt(16)
fromargonauticaimportHasherfromargonautica.dataimportRandomSalthasher=Hasher(salt=RandomSalt(16),# ? Here we're using a RandomSalt of length of 16 bytes# instead of the default, which is a RandomSalt of length 32 bytessecret_key="somesecret")hash=hasher.hash(password='P@ssw0rd')print(hash)
hashraw
- 使用argonautica进行散列会生成字符串编码的散列,但有时您可能需要此散列后面的"原始材料",即原始散列字节、原始盐字节或原始参数,它们是字符串编码散列的三个组成部分。要获得这些原始零件…
fromargonautica.utilsimportdecode,HashRawhash='$argon2id$v=19$m=4096,t=128,p=2$c29tZXNhbHQ$WwD2/wGGTuw7u4BW8sLM0Q'# Create a `HashRaw` using the `decode` functionhash_raw=decode(hash)# Pull out the raw parametersiterations=hash_raw.iterations# 128lanes=hash_raw.lanes# 2memory_size=hash_raw.memory_size# 4096variant=hash_raw.variant# Variant.Argon2idversion=hash_raw.version# Version._0x13# Pull out the raw bytesraw_hash_bytes=hash_raw.raw_hash_bytes# b'[\x00\xf6\xff\x01\x86N\xec;\xbb\x80V\xf2\xc2\xcc\xd1'raw_salt_bytes=hash_raw.raw_salt_bytes# b'somesalt'# Turn a `HashRaw` back into a string-encoded hash using the `encode` methodhash2=hash_raw.encode()assert(hash==hash2)
许可证
Argonautica根据以下任一项获得许可:
由您选择。