BasePasswordHasher
Abstract base class for password hashers
Attributes
| Attribute | Type | Description |
|---|---|---|
| algorithm | string | Unique identifier for the hashing algorithm that must be overridden by subclasses. |
| library | `string | tuple |
| salt_entropy | integer = 128 | The number of bits of entropy required when generating a cryptographically secure nonce salt. |
Methods
salt()
@classmethod
def salt() -> string
Generate a cryptographically secure nonce salt in ASCII with an entropy of at least salt_entropy bits.
Returns
| Type | Description |
|---|---|
| string | A random string of characters providing sufficient entropy for use as a password salt |
verify()
@classmethod
def verify(
password: string,
encoded: string
) -> boolean
Check if the given password is correct.
Parameters
| Name | Type | Description |
|---|---|---|
| password | string | The plain-text password to be verified |
| encoded | string | The hashed password string from the database to check against |
Returns
| Type | Description |
|---|---|
| boolean | True if the password matches the encoded hash, False otherwise |
encode()
@classmethod
def encode(
password: string,
salt: string
) -> string
Create an encoded database value. The result is normally formatted as "algorithm$salt$hash" and must be fewer than 128 characters.
Parameters
| Name | Type | Description |
|---|---|---|
| password | string | The plain-text password to be hashed |
| salt | string | The cryptographically secure salt to use during hashing |
Returns
| Type | Description |
|---|---|
| string | The formatted string containing the algorithm, salt, and resulting hash |
decode()
@classmethod
def decode(
encoded: string
) -> dict
Return a decoded database value. The result is a dictionary and should contain algorithm, hash, and salt.
Parameters
| Name | Type | Description |
|---|---|---|
| encoded | string | The encoded hash string to be parsed |
Returns
| Type | Description |
|---|---|
| dict | A dictionary mapping component names like 'algorithm' and 'salt' to their extracted values |
safe_summary()
@classmethod
def safe_summary(
encoded: string
) -> dict
Return a summary of safe values. The result is a dictionary and will be used where the password field must be displayed to construct a safe representation of the password.
Parameters
| Name | Type | Description |
|---|---|---|
| encoded | string | The encoded hash string to summarize |
Returns
| Type | Description |
|---|---|
| dict | A dictionary of non-sensitive metadata about the hash suitable for administrative displays |
must_update()
@classmethod
def must_update(
encoded: string
) -> boolean
Determines if the provided encoded hash should be re-hashed using updated parameters or a different algorithm.
Parameters
| Name | Type | Description |
|---|---|---|
| encoded | string | The encoded hash string to evaluate for obsolescence |
Returns
| Type | Description |
|---|---|
| boolean | True if the hash is outdated and needs updating, False otherwise |
harden_runtime()
@classmethod
def harden_runtime(
password: string,
encoded: string
)
Bridge the runtime gap between the work factor supplied in encoded and the work factor suggested by this hasher.
Parameters
| Name | Type | Description |
|---|---|---|
| password | string | The plain-text password used for additional computational work |
| encoded | string | The existing encoded hash containing the original work factor |
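A concrete hasher written against the interface above, using PBKDF2-HMAC-SHA256 from the Python standard library. It is an added example, not the library's own code. Assumptions: the class name `PBKDF2ExampleHasher`, the 600,000-iteration work factor, and the extra iterations field in the encoded value (`algorithm$iterations$salt$hash`), which is there so that must_update() and harden_runtime() have a work factor to read.

```python
import base64, hashlib, hmac, math, secrets

ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

class PBKDF2ExampleHasher:  # hypothetical name; stand-alone, no base class needed
    algorithm = "pbkdf2_sha256"
    salt_entropy = 128
    iterations = 600_000  # assumed work factor for this example

    @classmethod
    def salt(cls):
        # Each character carries log2(62) bits, so round the length up (22 chars).
        length = math.ceil(cls.salt_entropy / math.log2(len(ALPHABET)))
        return "".join(secrets.choice(ALPHABET) for _ in range(length))

    @classmethod
    def encode(cls, password, salt, iterations=None):
        if not salt or "$" in salt:  # "$" is the field separator
            raise ValueError("salt must be non-empty and must not contain '$'")
        n = iterations or cls.iterations
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), n)
        encoded = "$".join([cls.algorithm, str(n), salt, base64.b64encode(dk).decode()])
        if len(encoded) >= 128:
            raise ValueError("encoded value must be fewer than 128 characters")
        return encoded

    @classmethod
    def decode(cls, encoded):
        algorithm, iterations, salt, digest = encoded.split("$", 3)
        return {"algorithm": algorithm, "iterations": int(iterations), "salt": salt, "hash": digest}

    @classmethod
    def verify(cls, password, encoded):
        d = cls.decode(encoded)
        candidate = cls.encode(password, d["salt"], d["iterations"])
        return hmac.compare_digest(candidate.encode(), encoded.encode())  # constant time

    @classmethod
    def must_update(cls, encoded):
        d = cls.decode(encoded)
        weak_salt = len(d["salt"]) * math.log2(len(ALPHABET)) < cls.salt_entropy
        return d["iterations"] != cls.iterations or weak_salt

    @classmethod
    def harden_runtime(cls, password, encoded):
        d = cls.decode(encoded)
        extra = cls.iterations - d["iterations"]
        if extra > 0:  # spend the missing work so old hashes take as long as current ones
            cls.encode(password, d["salt"], extra)
```

A caller would typically run verify(), and when it succeeds and must_update() is true, store a fresh encode() of the password with a new salt().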