I found this old code in one of my old files. I have converted it to Python 3, but I am not fully satisfied with the result and cannot reproduce the original behaviour, especially the decoding in the check_password function.
#!/usr/bin/python2.7
# Imports
import base64
import hmac
import os
import random
from hashlib import sha256
from hmac import HMAC
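def random_bytes(num_bytes):
    """Return ``num_bytes`` random bytes, used here as a password salt.

    The bytes come from the operating system's CSPRNG via ``os.urandom``.
    The ``random`` module is a Mersenne Twister meant for simulations; its
    output is predictable once enough of it has been observed, so it should
    not produce salts, tokens or keys.

    The result is a byte string on both Python 2 (``str``) and Python 3
    (``bytes``), which is what the HMAC and base64 steps downstream need.
    """
    return os.urandom(num_bytes)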
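def pbkdf_sha256(password, salt, iterations):
    """Stretch ``password`` by chaining HMAC-SHA256 ``iterations`` times.

    Each round computes ``HMAC(key=previous_result, msg=salt, sha256)``,
    starting with ``password`` as the first key. With ``iterations == 0``
    the password is returned unchanged. ``password`` and ``salt`` must be
    byte strings.

    NOTE(review): despite the name this is not PBKDF2 (RFC 8018). It is a
    home-grown construction and its output differs from
    ``hashlib.pbkdf2_hmac("sha256", ...)``. The algorithm is left untouched
    because entries already produced by hash_password can only be verified
    with this exact function. New code should use a vetted KDF
    (``hashlib.pbkdf2_hmac`` or ``hashlib.scrypt``) and re-hash stored
    entries when a user next logs in successfully.
    """
    result = password
    # range() rather than xrange() so the loop also runs on Python 3.
    for _ in range(iterations):
        # The previous digest is the HMAC key; the salt is the message.
        result = HMAC(result, salt, sha256).digest()
    return result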
# Work factor passed to pbkdf_sha256 by hash_password and check_password.
# The value is not stored in the password entry (an entry is only
# "salt,hash"), so changing it makes check_password reject every entry that
# was created under the old value.
# NOTE(review): 5000 HMAC-SHA256 rounds looks low for password storage today;
# raising it needs a re-hash/migration plan for stored entries -- confirm.
NUM_ITERATIONS = 5000
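def hash_password(plain_password):
    """Hash ``plain_password`` with a fresh random salt for storage.

    Returns text of the form ``"<salt_b64>,<hash_b64>"``: the 8-byte salt and
    the 32-byte pbkdf_sha256 output, each base64-encoded and joined by a
    comma. Base64 never contains a comma, so the entry splits unambiguously.
    On Python 2 the result is a ``unicode`` string holding only ASCII.

    ``plain_password`` may be text or a byte string; text is encoded as UTF-8.
    """
    if not isinstance(plain_password, bytes):
        # HMAC keys must be byte strings. On Python 2 ``str`` is already
        # ``bytes``, so this branch only fires for text passwords.
        plain_password = plain_password.encode("utf-8")
    salt = random_bytes(8)  # 64 bits
    hashed_password = pbkdf_sha256(plain_password, salt, NUM_ITERATIONS)
    # base64.b64encode replaces the Python 2-only "base64" str codec. For
    # inputs this short it yields the same characters the codec produced
    # after .strip(), so entries stay compatible.
    return ",".join(
        base64.b64encode(part).decode("ascii")
        for part in (salt, hashed_password)
    )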
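def check_password(saved_password_entry, plain_password):
    """Return True if ``plain_password`` matches ``saved_password_entry``.

    ``saved_password_entry`` is the ``"<salt_b64>,<hash_b64>"`` text produced
    by hash_password. The salt is decoded, the candidate password is run
    through pbkdf_sha256 with that salt and NUM_ITERATIONS, and the result is
    compared with the stored hash.

    A malformed entry (no comma, more than one comma, invalid base64) raises
    instead of returning False, so corrupted records are not silently treated
    as a wrong password.
    """
    salt_b64, hash_b64 = saved_password_entry.split(",")
    # base64.b64decode replaces the Python 2-only .decode("base64") codec,
    # which does not exist for str on Python 3.
    salt = base64.b64decode(salt_b64)
    stored_hash = base64.b64decode(hash_b64)
    if not isinstance(plain_password, bytes):
        # Same UTF-8 rule as hash_password, so both sides hash the same bytes.
        plain_password = plain_password.encode("utf-8")
    candidate = pbkdf_sha256(plain_password, salt, NUM_ITERATIONS)
    # compare_digest takes time independent of where the first differing byte
    # is; plain == can leak how much of the hash matched through timing.
    return hmac.compare_digest(stored_hash, candidate)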
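# Demo: hash a sample password and check that it verifies.
# "mysecret" is a sample value; real entries belong in the credential store,
# not on stdout or in logs.
password_entry = hash_password("mysecret")
# will print, for example: 8Y1ZO8Y1pi4=,r7Acg5iRiZ/x4QwFLhPMjASESxesoIcdJRSDkqWYfaA=
# print(...) with a single argument behaves the same on Python 2 and 3.
print(password_entry)
print(check_password(password_entry, "mysecret"))  # prints True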