Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Fixed #21138 -- Increased the performance of our PBKDF2 implementation.

Thanks go to Michael Gebetsroither for pointing out this issue and help on
the patch.
  • Loading branch information...
commit 68540fe4df44492571bc610a0a043d3d02b3d320 1 parent 5d74853
Florian Apolloner authored September 17, 2013

Showing 1 changed file with 7 additions and 3 deletions. Show diff stats Hide diff stats

  1. 10  django/utils/crypto.py
10  django/utils/crypto.py
@@ -123,9 +123,8 @@ def _fast_hmac(key, msg, digest):
123 123
     This function operates on bytes.
124 124
     """
125 125
     dig1, dig2 = digest(), digest()
126  
-    if len(key) > dig1.block_size:
127  
-        key = digest(key).digest()
128  
-    key += b'\x00' * (dig1.block_size - len(key))
  126
+    if len(key) != dig1.block_size:
  127
+        raise ValueError('Key size needs to match the block_size of the digest.')
129 128
     dig1.update(key.translate(hmac.trans_36))
130 129
     dig1.update(msg)
131 130
     dig2.update(key.translate(hmac.trans_5C))
@@ -161,6 +160,11 @@ def pbkdf2(password, salt, iterations, dklen=0, digest=None):
161 160
 
162 161
     hex_format_string = "%%0%ix" % (hlen * 2)
163 162
 
  163
+    inner_digest_size = digest().block_size
  164
+    if len(password) > inner_digest_size:
  165
+        password = digest(password).digest()
  166
+    password += b'\x00' * (inner_digest_size - len(password))
  167
+
164 168
     def F(i):
165 169
         def U():
166 170
             u = salt + struct.pack(b'>I', i)

0 notes on commit 68540fe

Please sign in to comment.
Something went wrong with that request. Please try again.