Link Search Menu Expand Document

Hashlib

Table of contents

  1. Hashlib
    1. Hashlib.sha256(string)
    2. Hashlib.hmac(string: key, string: payload, boolean: raw -> optional)
    3. Hashlib.bcrypt(string, number: rounds -> optional)
    4. Hashlib.bcryptVerify(string: plainText, string: hash)
    5. Hashlib.verify(string: hash, string: hash)

Hashlib

To make use of the Hashlib module an import is required.

import Hashlib;

Hashlib.sha256(string)

Hashes a given string using the SHA-256 algorithm.

Hashlib.sha256("Dictu"); // 889bb2f43047c331bed74b1a9b309cc66adff6c6d4c3517547813ad67ba8d105

Hashlib.hmac(string: key, string: payload, boolean: raw -> optional)

Generate a HMAC using the SHA-256 algorithm. The raw optional argument determines whether the output will be in raw bytes or whether it will be in a string format, default is string format (false).

Hashlib.hmac("supersecretkey", "my message"); // 2dd2a27b79858666b9d9ba3cf73f1c84f5722415f9543d007fa73e081d02483a
Hashlib.hmac("supersecretkey", "my message", true); // <bytes>

Hashlib.bcrypt(string, number: rounds -> optional)

Hashes a given string using the bcrypt algorithm. The rounds optional argument is the amount of rounds used to generate the hashed string, default is 8.

Hashlib.bcrypt("my message"); // $2b$08$mkI2fcaukY0XX3qlpdtBgeXq7pAUr2bUw4Z1OkmncuibJ0aHAyLRS
Hashlib.bcrypt("my message", 2); // $2b$04$pNdfFWIV2r31vmQmJOSwNe/CHupV/wpOHmmwsDjCZi45w8ttjA/WW

Hashlib.bcryptVerify(string: plainText, string: hash)

This verifies a given bcrypt hash matches the plaintext input with a boolean return value. The comparison method used is timing safe.

Hashlib.bcryptVerify("my message", "$2b$08$mkI2fcaukY0XX3qlpdtBgeXq7pAUr2bUw4Z1OkmncuibJ0aHAyLRS"); // true
Hashlib.bcryptVerify("my message", "$2b$04$pNdfFWIV2r31vmQmJOSwNe/CHupV/wpOHmmwsDjCZi45w8ttjA/WW"); // true
Hashlib.bcryptVerify("my message", "wrong"); // false

Hashlib.verify(string: hash, string: hash)

Timing safe hash comparison. This should always be favoured over normal string comparison.

Hashlib.verify(Hashlib.sha256("Dictu"), "889bb2f43047c331bed74b1a9b309cc66adff6c6d4c3517547813ad67ba8d105"); // true
Hashlib.verify(Hashlib.sha256("Dictu"), "wrong"); // false

This site uses Just The Docs, with modifications.