Francisco Couzo
5ea1621c72
Fixed #31985 -- Corrected salted_hmac()'s docstring about supported algorithms.
...
salted_hmac() validates supported algorithms by checking hashlib
methods.
2020-09-07 10:59:36 +02:00
Mariusz Felisiak
3c35825009
Fixed typo in django/utils/crypto.py.
2020-03-11 14:38:27 +01:00
Claude Paroz
e663f695fb
Fixed #31359 -- Deprecated get_random_string() calls without an explicit length.
2020-03-11 13:16:44 +01:00
Claude Paroz
50cf183d21
Refs #27468 -- Added algorithm parameter to django.utils.crypto.salted_hmac().
2020-01-27 12:42:21 +01:00
Mariusz Felisiak
c5e373d48c
Fixed obsolete comment in django.utils.crypto.salted_hmac().
...
Obsolete since 13864703bc
.
2020-01-15 12:53:21 +01:00
Nick Pope
1d0bab0bfd
Fixed #27635 -- Used secrets module in django.utils.crypto.
2019-05-20 11:21:22 +02:00
Nick Pope
068005a349
Refs #27635 -- Removed fallback when SystemRandom() isn't available that doesn't work.
...
Fallback was untested and likely never triggered.
2019-05-20 11:21:22 +02:00
Дилян Палаузов
d7b2aa24f7
Fixed #28982 -- Simplified code with and/or.
2018-01-03 20:12:23 -05:00
Anton Samarchyan
9718fa2e8a
Refs #27656 -- Updated django.utils docstring verbs according to PEP 257.
2017-02-11 16:11:08 -05:00
Tim Graham
500532c95d
Refs #23919 -- Removed default 'utf-8' argument for str.encode()/decode().
2017-02-09 09:03:47 -05:00
Tim Graham
d4bb37593e
Refs #23919 -- Removed obsolete compare_digest() and pbkdf2() implementations.
2017-01-19 11:55:23 -05:00
Claude Paroz
2b281cc35e
Refs #23919 -- Removed most of remaining six usage
...
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
Claude Paroz
c716fe8782
Refs #23919 -- Removed six.PY2/PY3 usage
...
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
Claude Paroz
d7b9aaa366
Refs #23919 -- Removed encoding preambles and future imports
2017-01-18 09:55:19 +01:00
Ramin Farajpour Cami
0a63ef3f61
Fixed #27463 -- Fixed E741 flake8 warnings.
2016-11-14 17:40:28 -05:00
Tim Graham
0ed7d15563
Sorted imports with isort; refs #23860 .
2015-02-06 08:16:28 -05:00
Michael Hall
895dc880eb
Fixed #23812 -- Changed django.utils.six.moves.xrange imports to range
2014-12-13 12:45:58 -05:00
Alex Gaynor
6732566967
Bump the default iterations for PBKDF2.
...
The rate at which we've increased this has not been keeping up with hardware (and software) improvements, and we're now considerably behind where we should be. The delta between our performance and an optimized implementation's performance prevents us from improving that further, but hopefully once Python 2.7.8 and 3.4+ get into more hands we can more aggressively increase this number.
2014-07-11 22:43:26 -07:00
Alex Gaynor
875ce287e2
Note that the stdlib's version of pbkdf2_hmac will also be used in the upcoming Python 2.7.8 release
2014-05-31 13:50:07 -07:00
Florian Apolloner
7e3cf3cfd2
Fixed constant_time_compare on Python 2.7.7
...
Python 2.7.7 includes compare_digest in the hmac module, but it requires
both arguments to have the same type. This is usually not a problem on
Python 3 since everything is text, but we have mixed unicode and str on
Python 2 -- hence make sure everything is bytes before feeding it into
compare_digest.
2014-05-28 19:51:39 +02:00
Alex Gaynor
58176dee88
Use the stdlib's compare_digest for constant time comparisons when available
2014-04-22 14:45:00 -07:00
Alex Gaynor
21a1fddcc4
Typo fix
2014-04-17 11:04:57 -07:00
Alex Gaynor
cb68eb3e6d
Use the stdlib's PBKDF2 implementation when available.
...
This is a bit faster than ours, which is good, because it lets you increase
the iteration counts.
This will be used on Python 3.4+, and, pending the acceptance of PEP466, on
newer Python 2.7s.
2014-04-17 11:02:42 -07:00
MattBlack85
a8ba76c2d3
Fixed #19980 : Signer broken for binary keys (with non-ASCII chars).
...
With this pull request, request #878 should considered closed.
Thanks to nvie for the patch.
2014-02-16 16:50:50 +01:00
Alex Gaynor
8a0489221e
Flake8 fixes
2013-11-05 09:17:50 -08:00
Alex Gaynor
8ecba51ea0
Simplify (and very very slightly speed up) the pbkdf2 implementation
2013-11-04 09:45:27 -08:00
Florian Apolloner
1e4f53a6eb
Fixed #21253 -- PBKDF2 with cached HMAC key
...
This gives a 2x speed increase compared to the existing implementation.
Thanks to Steve Thomas for the initial patch and Tim Graham for finishing it.
2013-10-21 19:54:47 +02:00
Alasdair Nicol
a800036981
Fixed #21287 -- Fixed E123 pep8 warnings
2013-10-18 10:07:39 +01:00
Florian Apolloner
68540fe4df
Fixed #21138 -- Increased the performance of our PBKDF2 implementation.
...
Thanks go to Michael Gebetsroither for pointing out this issue and help on
the patch.
2013-09-24 21:06:26 +02:00
Paul McMillan
a075e2ad0d
Increase default PBKDF2 iterations
...
Increases the default PBKDF2 iterations, since computers have gotten
faster since 2011. In the future, we plan to increment by 10% per
major version.
2013-09-19 18:02:25 +01:00
Simon Charette
11cd7388f7
Fixed #20989 -- Removed useless explicit list comprehensions.
2013-08-30 10:57:51 -04:00
Alex Gaynor
09d0568697
Switched to using some constants the hmac module exposes.
2013-06-02 10:31:38 -07:00
Aymeric Augustin
7cf0f04230
Clarified that constant_time_compare doesn't protect string lengths.
2013-03-18 09:45:44 +01:00
Łukasz Langa
40b9f4fb8b
[py3] Always fed hashlib with bytes.
2013-02-27 10:02:07 +01:00
Claude Paroz
ebc773ada3
Replaced many smart_bytes by force_bytes
...
In all those occurrences, we didn't care about preserving the
lazy status of the strings, but we really wanted to obtain a
real bytestring.
2012-08-29 11:20:32 +02:00
Aymeric Augustin
e89bc39935
Reverted type check added in 62954ba04c
.
...
Refs #17040 .
2012-08-21 09:00:55 +02:00
Aymeric Augustin
62954ba04c
[py3] Fixed #17040 -- ported django.utils.crypto.constant_time_compare.
...
This is a private API; adding a type check is acceptable.
2012-08-20 22:50:49 +02:00
Aymeric Augustin
127b461b11
[py3] Ported django.utils.crypto.
2012-08-07 12:00:23 +02:00
Aymeric Augustin
c5ef65bcf3
[py3] Ported django.utils.encoding.
...
* Renamed smart_unicode to smart_text (but kept the old name under
Python 2 for backwards compatibility).
* Renamed smart_str to smart_bytes.
* Re-introduced smart_str as an alias for smart_text under Python 3
and smart_bytes under Python 2 (which is backwards compatible).
Thus smart_str always returns a str objects.
* Used the new smart_str in a few places where both Python 2 and 3
want a str.
2012-08-07 12:00:22 +02:00
Claude Paroz
690cabe203
Used a Python 3-compatible syntax for building a translation table
2012-07-22 18:05:53 +02:00
Aymeric Augustin
a84d79f572
[py3] Added Python 3 compatibility for xrange.
2012-07-22 09:29:56 +02:00
Aymeric Augustin
56dbe924a6
[py3] Removed longs.
2012-07-22 09:29:53 +02:00
Claude Paroz
4a103086d5
Fixed #18269 -- Applied unicode_literals for Python 3 compatibility.
...
Thanks Vinay Sajip for the support of his django3 branch and
Jannis Leidel for the review.
2012-06-07 18:08:47 +02:00
Claude Paroz
eb286aa22f
Delayed encoding of password and salt in password checking.
...
Applied the rule that string encoding should happen as late as
possible. This is also a preparation for Python 3 compatibility.
2012-06-06 10:53:16 +02:00
Claude Paroz
35e6585568
Imported reduce from functools for forward compatibility.
...
In Python 3, reduce has to be imported from functools.
2012-05-20 00:25:46 +02:00
Claude Paroz
38408f8007
Marked bytestrings with b prefix. Refs #18269
...
This is a preparation for unicode literals general usage in
Django (Python 3 compatibility).
2012-05-19 17:43:34 +02:00
Paul McMillan
1525874238
Improved get_random_string().
...
Improved the behavior of get_random_string to re-seed itself each time it is called
if the system does not have a secure random number generator. This will change the
properties of the random string produced, but will be unpredictable to an attacker.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17581 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-23 22:51:14 +00:00
Paul McMillan
239e41f7c5
Cleanup to use get_random_string consistently.
...
Removes several ad hoc implementations of get_random_string()
and removes an innapropriate use of settings.SECRET_KEY.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17580 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-23 21:39:12 +00:00
Paul McMillan
a77679dfaa
Fixes #16827 . Adds a length check to CSRF tokens before applying the santizing regex. Thanks to jedie for the report and zsiciarz for the initial patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17500 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-11 04:18:15 +00:00
Paul McMillan
1030d66a14
Fixed #17481 . pbkdf2 hashes no longer ommit leading zeros.
...
Some existing user passwords may need to be reset or converted
after this change. See the 1.4-beta release notes for more details.
Thanks bhuztez for the report and initial patch, claudep for the test.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17418 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-02 04:44:17 +00:00