my eye
Angelo Gladding
Hacker for right homesteading the web.
@ragt.ag@angelo@ragt.agangelo@ragt.ag@tyosxbghzcf5

passphrases.py

Raw

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56

"""Passphrase functionality."""

import hashlib
import hmac
import json
import pathlib
import secrets

import Crypto.Random

__all__ = ["generate_passphrase", "verify_passphrase"]


random = secrets.SystemRandom()


def generate_passphrase():
    """
    Generate a new randomly-generated wordlist passphrase.

    `passphrase_words` is a list of generated words.

    EFF's large wordlist [1] for passphrase generation.

    [1]: https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt

    """
    with (pathlib.Path(__file__).parent / "passphrases.json").open() as fp:
        wordlist = json.load(fp)
    passphrase_words = list()
    while len(passphrase_words) < 7:
        passphrase_words.append(random.choice(wordlist))
    passphrase = "".join(passphrase_words)
    salt = Crypto.Random.get_random_bytes(64)
    return (
        salt,
        hashlib.scrypt(
            passphrase.encode("utf-8"), salt=salt, n=2048, r=8, p=1, dklen=32
        ),
        passphrase_words,
    )


def verify_passphrase(salt, scrypt_hash, passphrase):
    """
    Verify passphrase.

    `passphrase` should be concatenation of generated words, without spaces

    """
    return hmac.compare_digest(
        hashlib.scrypt(
            passphrase.encode("utf-8"), salt=salt, n=2048, r=8, p=1, dklen=32
        ),
        scrypt_hash,
    )