Metadata-Version: 2.1
Name: z3c.bcrypt
Version: 2.0.1
Summary: Password manager utility using bcrypt or pbkdf2 encoding. Useful in combination with zope.password
Home-page: http://github.com/zopefoundation/z3c.bcrypt
Author: The Health Agency and the Zope Community
Author-email: zope3-dev@zope.org
License: ZPL 2.1
Description: ============
         z3c.bcrypt
        ============
        
        .. warning:: z3c.bcrypt has been superseded by the new version of
                    `zope.password`_ as it now includes `bcrypt` support based on
                    the well-maintained `bcrypt`_ library. Please don't use
                    this package in new projects.
        
        z3c.bcrypt provides `zope.password`_ compatible "password manager" utilities
        that use bcrypt (or alternatively pbkdf2) encoding for storing passwords.
        
        Both encoding schemes are implemented in the cryptacular_ library that is
        a dependency for this package.
        
        .. _`zope.password`: https://pypi.org/project/zope.password/
        .. _cryptacular: https://pypi.org/project/cryptacular/
        .. _`bcrypt`: https://pypi.org/project/bcrypt/
        
        
        ==================
         Using z3c.bcrypt
        ==================
        
            >>> from zope.interface.verify import verifyObject
            >>> from zope.password.interfaces import IPasswordManager
            >>> from z3c.bcrypt import BcryptPasswordManager
            >>> manager = BcryptPasswordManager()
            >>> verifyObject(IPasswordManager, manager)
            True
        
            >>> password = u"right \N{CYRILLIC CAPITAL LETTER A}"
        
            >>> encoded = manager.encodePassword(password)
            >>> encoded
            '$2a$...'
            >>> manager.checkPassword(encoded, password)
            True
            >>> manager.checkPassword(encoded, password + u"wrong")
            False
        
            >>> from z3c.bcrypt import PBKDF2PasswordManager
            >>> manager = PBKDF2PasswordManager()
            >>> verifyObject(IPasswordManager, manager)
            True
        
            >>> encoded = manager.encodePassword(password)
            >>> encoded
            u'$p5k2$...'
            >>> manager.checkPassword(encoded, password)
            True
            >>> manager.checkPassword(encoded, password + u"wrong")
            False
        
            >>> # A previously encoded password should still verify even if the
            >>> # current encoding of the same password is different.
            >>> previouslyencoded = (
            ...     '$p5k2$1000$LgAFPIlc9CgrlSaxHyTUMA='
            ...     '=$IuUYplhMkR4qCl8-ONRVjEgJNwE=')
            >>> encoded == previouslyencoded
            False
            >>> manager.checkPassword(previouslyencoded, password)
            True
        
        Hashing excessively long "passwords" takes a lot of computation time, which
        can be used as a denial-of-service (DoS) attack vector. The password managers
        in z3c.bcrypt will only use the first 4096 characters of the incoming
        password for checking.
        
        This is inspired by:
        
          https://www.djangoproject.com/weblog/2013/sep/15/security/
        
        This test would take significantly longer if the 4096-character length
        limit were not in place. XXX how to test that reliably?
        
            >>> incoming = '$p5k2$1000$' + 'a' * 1024 * 1024 * 100  # a lot of data.
            >>> manager.checkPassword(encoded, incoming)
            False
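
The length limit can be checked deterministically, without timing, by observing what reaches the key-derivation function. This is an added example, not z3c.bcrypt's own code: ``BoundedPBKDF2`` and ``largest_kdf_input`` are hypothetical names, and SHA-256 with a 16-byte salt is an assumption.

```python
import hashlib
import hmac
import os

MAX_PASSWORD_LENGTH = 4096  # characters; the limit stated in the text above
ITERATIONS = 1000           # same count as the '$p5k2$1000$' sample; illustrative


class BoundedPBKDF2:
    """Hypothetical PBKDF2 checker that clips input before the expensive KDF."""

    def __init__(self, kdf=hashlib.pbkdf2_hmac):
        self._kdf = kdf  # injectable so a test can observe what reaches the KDF

    def _derive(self, password, salt):
        # Clip first: the KDF never sees more than 4096 characters
        # (each character is up to 4 bytes once UTF-8 encoded).
        clipped = password[:MAX_PASSWORD_LENGTH].encode("utf-8")
        return self._kdf("sha256", clipped, salt, ITERATIONS)

    def encode(self, password):
        # Encoding clips too, so a longer legitimate password still verifies.
        salt = os.urandom(16)
        return salt, self._derive(password, salt)

    def check(self, stored, candidate):
        salt, expected = stored
        # Constant-time comparison of the derived keys.
        return hmac.compare_digest(expected, self._derive(candidate, salt))


def largest_kdf_input(candidate):
    """Return the largest input, in bytes, the KDF received while checking."""
    seen = []

    def spy(name, data, salt, rounds):
        seen.append(len(data))
        return hashlib.pbkdf2_hmac(name, data, salt, rounds)

    manager = BoundedPBKDF2(kdf=spy)
    stored = manager.encode("correct horse")  # constructed sample password
    seen.clear()                              # record only the check() call
    manager.check(stored, candidate)
    return max(seen)
```

The trade-off of clipping is that two passwords sharing their first 4096 characters verify as the same password.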
        
        Configuration
        =============
        
        This package provides a ``configure.zcml`` which installs
        implementations of the ``IPasswordManager`` as utilities:
        
            >>> from zope.configuration import xmlconfig
            >>> _ = xmlconfig.string("""
            ... <configure
            ...    xmlns="http://namespaces.zope.org/zope">
            ...
            ...    <include package="z3c.bcrypt" />
            ... </configure>
            ... """)
        
            >>> from zope import component
            >>> from zope.password.interfaces import IPasswordManager
            >>> component.getUtility(IPasswordManager, name='bcrypt')
            <z3c.bcrypt.passwordmanager.BcryptPasswordManager object at ...>
            >>> component.getUtility(IPasswordManager, name='pbkdf2')
            <z3c.bcrypt.passwordmanager.PBKDF2PasswordManager object at ...>
        
        
        =========================
         Changelog of z3c.bcrypt
        =========================
        
        2.0.1 (2018-08-01)
        ==================
        
        - Package is deprecated in favor of `zope.password`_.
        
        2.0.0 (2017-05-10)
        ==================
        
        - Standardize namespace __init__.
        
        - Add support for Python 3.4, 3.5, 3.6 and PyPy.
        
        1.2 (2013-10-10)
        ================
        
        - Only verify the first 4096 characters of a password to prevent
          denial-of-service attacks through repeated submission of large
          passwords, tying up server resources in the expensive computation
          of the corresponding hashes.
        
          See: https://www.djangoproject.com/weblog/2013/sep/15/security/
        
        1.1 (2010-02-22)
        ================
        
        - Fixes in the configure.zcml.
        
        1.0 (2010-02-18)
        ================
        
        - Initial public release.
        
        .. _`zope.password`: https://pypi.org/project/zope.password/
        
        
        
Keywords: zope authentication password bcrypt pbkdf2
Platform: UNKNOWN
Classifier: Development Status :: 5 - Production/Stable
Classifier: Environment :: Web Environment
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Zope Public License
Classifier: Programming Language :: Python
Classifier: Natural Language :: English
Classifier: Operating System :: OS Independent
Classifier: Topic :: Internet :: WWW/HTTP
Classifier: Framework :: Zope3
Classifier: Programming Language :: Python :: 2
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.4
Classifier: Programming Language :: Python :: 3.5
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: Programming Language :: Python :: Implementation :: PyPy
Provides-Extra: test
