A python abstraction to generate and authenticate hashes of passwords and files of any type. The package can also be used to implement classic and Time Based OTPs.
- Use the package manager pip to install the python modules required.
$ pip install AuthAlpha
-
By default,
AuthAlpha
does NOT download all of its dependencies. This is the expected behaviour. -
In almost all use-cases a user only utilizes a single hash function.
AuthAlpha
leaves this choice to the user. -
Password_Hashing.py->PassHashing
supportsargon2id
,pbkdf2
,bcrypt
andscrypt
.- None of these will be downloaded by default. Add them to your environemnt as you please.
$ pip install argon2-cffi
$ pip install bcrypt
$ pip install scrypt
-
PBKDF2
and its dependencies are already in the in-builthashlib
module. -
OTPMethods.py
requirespyotp
andpycryptodome
packages to generateTOTPs
.$ pip install pyotp $ pip install pycryptodome
- See the Tests directory to see the detailed usage of every class and method.
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
Addition of a new algorithm/class/method must be documented. Add a file named like 'Test_[Algorithm].py' under 'Tests' directory to demonstrate and test the working of the algorithm.
Contributor names and contact info
- Mayank vats : Theorist-git
See commit history
-
0.8.6a
bcrypt
salts now do not need to be formatted toAuthAlpha
style hashes.- Refactored code. Removed redundant code.
- Removed redundant install dependencies. The end user now controls the packages required. See
Installation
section.
-
0.8.5a
Non_Password_Hashing
class can now generate hashes for strings as well.- Added new test for
Non_Password_Hashing
. - Minor enhancements to
Test_FileHashing.py
. FixedPEP
Warnings inPassword_hashing.py
-
0.8.4a
- Added check for correct salt in custom salt.(For some reason the salt must end with
.
,O
,e
oru
inbcrypt
)- With a
16 bytes
salt,2 padding bytes
are appended. Of the128 bits
of the salt,126 bits
can be grouped into21 blocks of 6 bits
each. The last two bits can only form the blocks000000
,010000
,100000
and110000
, which are mapped to the chars.
,O
,e
andu
in thebcrypt Base64 variant
. All following blocks consist of zero bits due to padding and are ignored by the bcrypt Base64 variant. This is the reason why all salts generated withgensalt()
contain one of these 4 chars at the end. The salt with any other ending sequence is not a regular bcrypt Base64 encoding and thus not valid. P.S
: Bug couldn't be replicated on Windows, AuthAlpha for now imposes that bcrypt salts must end with aforementioned characters.- See Stackoverflow-link/0.8.4a-Bug
- With a
- Added pycryptodome to project requirements. It will now be downloaded automatically by pip during installation.
- Added check for correct salt in custom salt.(For some reason the salt must end with
-
0.8.3a
- Added support for custom salts to
bcrypt
. - Added
__repr__
and__str__
methods to all classes. - Fixed bug in
bcrypt
hash checks where entirehash+salt
was being passed as salt. - Minor code enhancements.
- Added support for custom salts to
-
0.8.2a
- Introduced stricter type casting to
PassHashing
class resulting in cleaner code and lower chances of runtime errors.
- Introduced stricter type casting to
-
0.8.1a
pbkdf2
code optimizations, re-wrote tests.
-
0.8.0a
- Added
Encryption
andDecryption
support inOTPMethods.py
for TOTP tokens.
- Added
-
0.7.0a
- Added OTP methods, updated email and README.md.
-
0.6.3a
- Added project to PyPI.
-
0.6.2a
- Fixed
scrypt
non-custom-hash, split the class into two to improve performance
- Fixed
-
0.6.1a
- Minor Code Optimizations
-
0.6a
- Added functionality to generate and check hashes of files.
AuthAlpha.py
SHA256 hash of this commit are in the fileIntegrity.txt
. It will be updated with every commit.
-
0.5a
- Added customizable cost parameters for
bcrypt
,scrypt
andPBKDF2:SHA
family.
- Added customizable cost parameters for
-
0.4a
- Added support for
scrypt
- Added support for
-
0.3a
- Added support for
bcrypt
- Added support for
-
0.2a
- Added support for
PBKDF2:SHA
family - Enhanced and optimized code
- Added support for
-
0.1a
- Initial Release
-
P.S: 0.1a means version 0.1 alpha
TBD In the meanwhile you can review the code, it is fully commented.
- After downloading, make sure you have the un-tampered files with you, check Integrity.txt to check the hashes of the AuthAlpha file match with the ones you have. If they do not match, contact the author(s) immediately at dev-theorist.e5xna@simplelogin.com.
This project is licensed under the GNU GPLv3 License - see LICENSE.txt file for more details.
Copyright (C) 2021-2023 Mayank Vats