mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-09-28 11:15:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

bpo-42982: update pbkdf2 example & add another link (GH-30966)

Browse source 
Automerge-Triggered-By: GH:gpshead
This commit is contained in:
Gregory P. Smith 2022-01-27 12:18:28 -08:00 committed by GitHub
parent 26b0482393
commit ace0aa2a27
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

12
Doc/library/hashlib.rst
View file

@ -251,15 +251,17 @@ include a `salt <https://en.wikipedia.org/wiki/Salt_%28cryptography%29>`_.
The number of *iterations* should be chosen based on the hash algorithm and The number of *iterations* should be chosen based on the hash algorithm and
computing power. As of 2022, hundreds of thousands of iterations of SHA-256 computing power. As of 2022, hundreds of thousands of iterations of SHA-256
are suggested. For rationale as to why and how to choose what is best for are suggested. For rationale as to why and how to choose what is best for
your application, read *Appendix A.2.2* of NIST-SP-800-132_. your application, read *Appendix A.2.2* of NIST-SP-800-132_. The answers
on the `stackexchange pbkdf2 iterations question`_ explain in detail.
*dklen* is the length of the derived key. If *dklen* is ``None`` then the *dklen* is the length of the derived key. If *dklen* is ``None`` then the
digest size of the hash algorithm *hash_name* is used, e.g. 64 for SHA-512. digest size of the hash algorithm *hash_name* is used, e.g. 64 for SHA-512.
>>> import hashlib >>> from hashlib import pbkdf2_hmac
>>> dk = hashlib.pbkdf2_hmac('sha256', b'password', b'salt', 100000) >>> our_app_iters = 500_000 # Application specific, read above.
>>> dk = pbkdf2_hmac('sha256', b'password', b'bad salt'*2, our_app_iters)
>>> dk.hex() >>> dk.hex()
'0394a2ede332c9a13eb82e9b24631604c31df978b4e2f0fbd2c549944f9d79a5' '15530bba69924174860db778f2c6f8104d3aaf9d26241840c8c4a641c8d000a9'
.. versionadded:: 3.4 .. versionadded:: 3.4
@ -733,7 +735,7 @@ Domain Dedication 1.0 Universal:
.. _ChaCha: https://cr.yp.to/chacha.html .. _ChaCha: https://cr.yp.to/chacha.html
.. _pyblake2: https://pythonhosted.org/pyblake2/ .. _pyblake2: https://pythonhosted.org/pyblake2/
.. _NIST-SP-800-132: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf .. _NIST-SP-800-132: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf
.. _stackexchange pbkdf2 iterations question: https://security.stackexchange.com/questions/3959/recommended-of-iterations-when-using-pbkdf2-sha256/
.. seealso:: .. seealso::