20 lines
782 B
Python
20 lines
782 B
Python
import hashlib
|
|
import hmac
|
|
|
|
|
|
def salt_for_username(username: str) -> bytes:
|
|
"""Derive a per-username salt using SHA-256(username).
|
|
|
|
The salt is deterministic for a given username and does not require storage.
|
|
"""
|
|
return hashlib.sha256(username.encode('utf-8')).digest()
|
|
|
|
|
|
def derive_password(password_plain: str, salt: bytes, iterations: int = 100_000, dklen: int = 32) -> bytes:
|
|
"""PBKDF2-SHA256 derive a fixed-length secret from a plaintext password and salt."""
|
|
return hashlib.pbkdf2_hmac('sha256', password_plain.encode('utf-8'), salt, iterations, dklen=dklen)
|
|
|
|
|
|
def hmac_sha256(key: bytes, message: bytes) -> bytes:
|
|
"""Compute HMAC-SHA256 signature for the given message using key bytes."""
|
|
return hmac.new(key, message, hashlib.sha256).digest() |