The API calls below hash passwords and other secrets using strong cryptographic methods. For instance, if a user's password needs to be saved securely to a database and verified later, this is the API to use.
Implementation-wise, the key derivation function used for hashing is PBKDF2-512. The defaults are a salt size of 64 bytes (512 bits) and 120,000 hash rounds.
```python
# -*- coding: utf-8 -*-

# Zato
from zato.server.service import Service

class MyService(Service):
    def handle(self):

        # Suppose there is a password to hash
        data = 'C61mBoPzpa2sA'

        # Log data to be manipulated (demonstration only;
        # a real service should not log plaintext secrets)
        self.logger.info('Data `%s`', data)

        # Hash it - the result can be saved to
        # some kind of storage in order to verify it later on
        hashed = self.crypto.hash_secret(data)

        # Log the resulting form
        self.logger.info('Hashed `%s`', hashed)
```
To verify a hashed value, it first needs to be loaded from storage and then compared to incoming data, e.g. to a password that the user sent in.
```python
# -*- coding: utf-8 -*-

# Zato
from zato.server.service import Service

class MyService(Service):
    def handle(self):

        # This function should load the hashed form, e.g. from a database
        hashed = load_hashed()

        # This is the data to be checked against the hashed value,
        # e.g. a user's password
        data = load_data()

        # Returns a boolean flag to indicate if verification succeeded
        is_valid = self.crypto.verify_hash(data, hashed)
```
```python
# -*- coding: utf-8 -*-

# Zato
from zato.server.service import Service

class MyService(Service):
    def handle(self):

        # Data to hash
        data = '1234567890'

        # Log data to be manipulated
        self.logger.info('Data `%s`', data)

        # Hash it
        hashed = self.crypto.hash_secret(data)

        # Log the resulting form
        self.logger.info('Hashed `%s`', hashed)

        # Verify the hash
        is_valid = self.crypto.verify_hash(data, hashed)

        # Will be True
        self.logger.info('Is correct `%s`', is_valid)

        # Verify the hash, using invalid input
        is_valid = self.crypto.verify_hash('invalid', hashed)

        # Will be False
        self.logger.info('Is correct `%s`', is_valid)
```
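To show what the defaults stated above amount to in practice, here is an added standard-library example; it is not Zato's code and not part of the original page. It assumes "PBKDF2-512" means PBKDF2-HMAC-SHA512, and the `rounds$salt$key` storage format and the names `pbkdf2_hash`, `pbkdf2_verify` and `needs_rehash` are hypothetical.

```python
import base64
import hashlib
import hmac
import os

# Defaults stated on this page; SHA-512 as the PRF is an assumption.
SALT_SIZE = 64      # bytes (512 bits)
ROUNDS = 120_000

def _b64(raw):
    return base64.b64encode(raw).decode('ascii')

def pbkdf2_hash(secret, rounds=ROUNDS, salt=None):
    """Return 'rounds$salt$key' (hypothetical storage format, not Zato's)."""
    # A fresh random salt per secret makes equal passwords hash differently.
    salt = os.urandom(SALT_SIZE) if salt is None else salt
    key = hashlib.pbkdf2_hmac('sha512', secret.encode('utf-8'), salt, rounds)
    return '{}${}${}'.format(rounds, _b64(salt), _b64(key))

def pbkdf2_verify(secret, stored):
    """Recompute with the stored salt and rounds; compare in constant time."""
    try:
        rounds, salt, key = stored.split('$')
        salt, key = base64.b64decode(salt), base64.b64decode(key)
        candidate = hashlib.pbkdf2_hmac(
            'sha512', secret.encode('utf-8'), salt, int(rounds))
    except (ValueError, OverflowError):
        return False  # malformed record: fail closed
    return hmac.compare_digest(candidate, key)

def needs_rehash(stored, rounds=ROUNDS):
    """True if the record was made with fewer rounds than current policy."""
    return int(stored.split('$', 1)[0]) < rounds

if __name__ == '__main__':
    record = pbkdf2_hash('C61mBoPzpa2sA')  # sample password from this page
    print(pbkdf2_verify('C61mBoPzpa2sA', record))
    print(pbkdf2_verify('invalid', record))
    legacy = pbkdf2_hash('C61mBoPzpa2sA', rounds=10_000)  # constructed old record
    print(needs_rehash(legacy), needs_rehash(record))
```

Because the salt and round count travel with each record, the round count can be raised later and older records upgraded the next time their owner logs in successfully.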