63 lines
1.0 KiB
Plaintext
63 lines
1.0 KiB
Plaintext
== Why is this an issue?
|
|
|
|
include::../description.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
=== Noncompliant code example
|
|
|
|
hashlib
|
|
|
|
[source,python]
|
|
----
|
|
import crypt
|
|
from hashlib import pbkdf2_hmac
|
|
|
|
hash = pbkdf2_hmac('sha256', password, b'D8VxSmTZt2E2YV454mkqAY5e', 100000) # Noncompliant: salt is hardcoded
|
|
----
|
|
|
|
crypt
|
|
|
|
[source,python]
|
|
----
|
|
hash = crypt.crypt(password) # Noncompliant: salt is not provided
|
|
----
|
|
|
|
=== Compliant solution
|
|
|
|
hashlib
|
|
|
|
[source,python]
|
|
----
|
|
import crypt
|
|
from hashlib import pbkdf2_hmac
|
|
|
|
salt = os.urandom(32)
|
|
hash = pbkdf2_hmac('sha256', password, salt, 100000) # Compliant
|
|
----
|
|
|
|
crypt
|
|
|
|
[source,python]
|
|
----
|
|
salt = crypt.mksalt(crypt.METHOD_SHA256)
|
|
hash = crypt.crypt(password, salt) # Compliant
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
endif::env-github,rspecator-view[]
|