mirror of https://github.com/home-assistant/core.git synced 2025-12-24 12:59:34 +00:00

Replace pbkdf2 with bcrypt (#16071)

* Replace pbkdf2 with bcrypt

bcrypt isn't inherently better than pbkdf2, but everything "just works"
out of the box.

  * the hash verification routine now only computes one hash per call
  * a per-user salt is built into the hash as opposed to the current
  global salt
  * bcrypt.checkpw() is immune to timing attacks regardless of input
  * hash strength is a function of real time benchmarks and a
  "difficulty" level, meaning we won't have to ever update the iteration
  count

* WIP: add hash upgrade mechanism

* WIP: clarify decode issue

* remove stale testing code

* Fix test

* Ensure incorrect legacy passwords fail

* Add better invalid legacy password test

* Lint

* Run tests in async scope
This commit is contained in:
Matt Hamilton
2018-08-26 16:50:31 -04:00
committed by Paulus Schoutsen
parent 47755fb1e9
commit bacecb4249
5 changed files with 135 additions and 8 deletions


@@ -36,6 +36,7 @@ REQUIRES = [
'astral==1.6.1',
'async_timeout==3.0.0',
'attrs==18.1.0',
'bcrypt==3.1.4',
'certifi>=2018.04.16',
'jinja2>=2.10',
'PyJWT==1.6.4',
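Review bot: the new 'bcrypt==3.1.4' entry in REQUIRES is an exact pin on the library that now hashes user passwords, so an upstream security fix in bcrypt will not reach installs until this line is bumped by hand. The neighbouring 'certifi>=2018.04.16' shows that a version floor is already used in this list for a security-sensitive package. Either keep the pin and make sure the version is tracked for updates, or say in the commit message why an exact pin is wanted here. bcrypt is also a compiled extension, so it is worth confirming that it installs cleanly on the platforms the project supports, which this hunk cannot show.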