ScryptPasswordHasher
Secure password hashing using the Scrypt algorithm.
Attributes
| Attribute | Type | Description |
|---|---|---|
| algorithm | string = "scrypt" | The identifier for the hashing algorithm used to label the encoded password string. |
| block_size | integer = 8 | The block size parameter (r) for the scrypt algorithm which controls the memory footprint. |
| maxmem | integer = 0 | The maximum amount of memory in bytes that the scrypt algorithm is allowed to use. |
| parallelism | integer = 5 | The parallelism parameter (p) for the scrypt algorithm which defines the number of threads to use. |
| work_factor | integer = 16384 | The CPU/memory cost parameter (n) for the scrypt algorithm which must be a power of two. |
Methods
encode()
@classmethod
def encode(
password: string,
salt: string,
n: integer = None,
r: integer = None,
p: integer = None
) -> string
Generates a secure scrypt hash string from a raw password and salt using specified or default cost factors.
Parameters
| Name | Type | Description |
|---|---|---|
| password | string | The plain-text password to be hashed. |
| salt | string | A unique string used to seed the hash and protect against rainbow table attacks. |
| n | integer = None | The CPU/memory cost factor (work factor), which must be a power of two. |
| r | integer = None | The block size parameter, which controls the memory footprint of the hashing operation. |
| p | integer = None | The parallelism factor, which determines the number of threads to use during computation. |
Returns
| Type | Description |
|---|---|
| string | A formatted string containing the algorithm, cost factors, salt, and the base64-encoded hash, separated by dollar signs. |
decode()
@classmethod
def decode(
encoded: string
) -> object
Parses an encoded scrypt hash string into its constituent components and cost factors.
Parameters
| Name | Type | Description |
|---|---|---|
| encoded | string | The formatted hash string to be decomposed. |
Returns
| Type | Description |
|---|---|
| object | A dictionary containing the algorithm name, work factor, salt, block size, parallelism, and the raw hash string. |
verify()
@classmethod
def verify(
password: string,
encoded: string
) -> boolean
Validates a raw password against an existing encoded hash using a constant-time comparison to prevent timing attacks.
Parameters
| Name | Type | Description |
|---|---|---|
| password | string | The plain-text password to verify. |
| encoded | string | The previously generated hash string to compare against. |
Returns
| Type | Description |
|---|---|
| boolean | True if the password matches the hash, False otherwise. |
safe_summary()
@classmethod
def safe_summary(
encoded: string
) -> object
Provides a human-readable summary of the hash configuration while masking sensitive salt and hash data.
Parameters
| Name | Type | Description |
|---|---|---|
| encoded | string | The encoded hash string to summarize. |
Returns
| Type | Description |
|---|---|
| object | A dictionary of descriptive labels and values suitable for logging or administrative displays. |
must_update()
@classmethod
def must_update(
encoded: string
) -> boolean
Determines if an encoded hash needs to be re-hashed because its cost factors differ from the current class defaults.
Parameters
| Name | Type | Description |
|---|---|---|
| encoded | string | The encoded hash string to evaluate for obsolescence. |
Returns
| Type | Description |
|---|---|
| boolean | True if the work factor, block size, or parallelism do not match current settings, indicating an update is required. |
harden_runtime()
@classmethod
def harden_runtime(
password: string,
encoded: string
)
Placeholder method for runtime hardening; currently performs no operation as Scrypt runtime complexity is difficult to normalize.
Parameters
| Name | Type | Description |
|---|---|---|
| password | string | The plain-text password. |
| encoded | string | The encoded hash string. |