Validate in python password against an Scrypt combined hash: (Settings+Salt+Hash)


Is there any Python library that can validate a password against a Hash having embedded the settings & salt (like com.lambdaworks.crypto.SCryptUtil.check(pass, hash) in Java)?

For example, pass123 should be valid against $s0$e1010$Hcxkdy8NyRZt6hCnNsDyhQ==$KG8hw/i7zDbVtwtuJfUHlo1vw+qrshDYMq6XlfYW0rg=


0
Gouz On BEST ANSWER

Anyway, since scrypt here suggests this, I ended up implementing it like that:

import base64
import hmac

import scrypt


def verify_password(password, password_check):
    # Layout: $s0$<params hex>$<salt base64>$<hash base64>
    parts = password_check.split("$")
    # params packs log2(N) above bit 16, then r and p in one byte each
    params = int(parts[2], 16)
    N = 1 << (params >> 16 & 0xFFFF)
    r = params >> 8 & 0xFF
    p = params & 0xFF
    salt = base64.b64decode(parts[3])
    decoded_hash = base64.b64decode(parts[4])

    derived = scrypt.hash(password, salt=salt, N=N, r=r, p=p, buflen=32)
    # Constant-time comparison, so timing does not reveal how many bytes matched
    return hmac.compare_digest(decoded_hash, derived)


print(verify_password("pass123", "$s0$e1010$Hcxkdy8NyRZt6hCnNsDyhQ==$KG8hw/i7zDbVtwtuJfUHlo1vw+qrshDYMq6XlfYW0rg="))
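
A standard-library variant of the check above, as an added example that is not part of the original answer or of SCryptUtil: it uses `hashlib.scrypt` instead of the `scrypt` package, bounds the cost parameters read from the stored string before spending CPU or memory, and returns False on malformed input. The names `s0_encode`, `s0_check` and the `MAX_*` limits are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os

# Assumed policy ceilings (not part of the $s0$ format); tune to your deployment.
MAX_LOG2_N = 20
MAX_P = 16
MAX_MEM = 64 * 1024 * 1024


def _derive(password, salt, log2_n, r, p):
    n = 1 << log2_n
    mem = 128 * r * (n + p + 2)  # scrypt working memory in bytes
    if not (1 <= log2_n <= MAX_LOG2_N and r >= 1 and 1 <= p <= MAX_P and mem <= MAX_MEM):
        raise ValueError("scrypt parameters outside policy")
    # OpenSSL's default maxmem (32 MiB) rejects e.g. N=2**14, r=16, so pass it explicitly.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                          maxmem=mem + (1 << 20), dklen=32)


def s0_encode(password, log2_n=14, r=8, p=1):
    """Build a $s0$params$salt$key string in the layout the answer above parses."""
    salt = os.urandom(16)
    fields = (salt, _derive(password, salt, log2_n, r, p))
    salt_b64, key_b64 = (base64.b64encode(f).decode("ascii") for f in fields)
    return f"$s0${log2_n << 16 | r << 8 | p:x}${salt_b64}${key_b64}"


def s0_check(password, encoded):
    """True only on a match; malformed or over-policy input returns False."""
    parts = encoded.split("$")
    if len(parts) != 5 or parts[:2] != ["", "s0"]:
        return False
    try:
        params = int(parts[2], 16)
        salt = base64.b64decode(parts[3], validate=True)
        expected = base64.b64decode(parts[4], validate=True)
        # The cost parameters are read from stored data, so _derive bounds them first.
        actual = _derive(password, salt, params >> 16 & 0xFFFF,
                         params >> 8 & 0xFF, params & 0xFF)
    except ValueError:  # bad hex/base64 (binascii.Error) or rejected parameters
        return False
    return hmac.compare_digest(actual, expected)  # constant-time comparison


if __name__ == "__main__":
    # Hash string quoted in the question on this page.
    print(s0_check("pass123", "$s0$e1010$Hcxkdy8NyRZt6hCnNsDyhQ==$KG8hw/i7zDbVtwtuJfUHlo1vw+qrshDYMq6XlfYW0rg="))
```
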
1
Brakke Baviaan On

In Python we have hashlib to work with hashes. You'll have to write some logic to set up a function that checks a given list of passwords against the hash of your choosing.

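import hashlib


def pass_match(password, password_check):
    # password_check is the hex-encoded SHA-256 digest to compare against
    foo = hashlib.sha256()
    foo.update(password.encode("utf-8"))  # update() requires bytes
    if foo.hexdigest() == password_check:
        return True

    return False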

This is of course a very poor implementation meant as a code example. I leave cleaning it up to you as homework! Read more about hashlib here: https://docs.python.org/3/library/hashlib.html