diff options
author | Martin Panter <vadmium+py@gmail.com> | 2016-02-22 09:21:49 (GMT) |
---|---|---|
committer | Martin Panter <vadmium+py@gmail.com> | 2016-02-22 09:21:49 (GMT) |
commit | bc85e35fe66edf18c7998d98bfa5682a9cbb0269 (patch) | |
tree | 7679728da2bddfd67ef21757a1b0bdcb9c28239d /Doc/library | |
parent | 8c16cb9f65bfc7d732bc6bd3f533856795a95690 (diff) | |
download | cpython-bc85e35fe66edf18c7998d98bfa5682a9cbb0269.zip cpython-bc85e35fe66edf18c7998d98bfa5682a9cbb0269.tar.gz cpython-bc85e35fe66edf18c7998d98bfa5682a9cbb0269.tar.bz2 |
Issue #26390: Fix and test pbkdf2_hmac() parameter names
Based on patch by Daan Bakker.
Diffstat (limited to 'Doc/library')
-rw-r--r-- | Doc/library/hashlib.rst | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/Doc/library/hashlib.rst b/Doc/library/hashlib.rst index 769f96f..73a7555 100644 --- a/Doc/library/hashlib.rst +++ b/Doc/library/hashlib.rst @@ -185,22 +185,23 @@ brute-force attacks. A good password hashing function must be tunable, slow, and include a `salt <https://en.wikipedia.org/wiki/Salt_%28cryptography%29>`_. -.. function:: pbkdf2_hmac(name, password, salt, rounds, dklen=None) +.. function:: pbkdf2_hmac(hash_name, password, salt, iterations, dklen=None) The function provides PKCS#5 password-based key derivation function 2. It uses HMAC as pseudorandom function. - The string *name* is the desired name of the hash digest algorithm for + The string *hash_name* is the desired name of the hash digest algorithm for HMAC, e.g. 'sha1' or 'sha256'. *password* and *salt* are interpreted as buffers of bytes. Applications and libraries should limit *password* to - a sensible value (e.g. 1024). *salt* should be about 16 or more bytes from + a sensible length (e.g. 1024). *salt* should be about 16 or more bytes from a proper source, e.g. :func:`os.urandom`. - The number of *rounds* should be chosen based on the hash algorithm and - computing power. As of 2013, at least 100,000 rounds of SHA-256 is suggested. + The number of *iterations* should be chosen based on the hash algorithm and + computing power. As of 2013, at least 100,000 iterations of SHA-256 are + suggested. *dklen* is the length of the derived key. If *dklen* is ``None`` then the - digest size of the hash algorithm *name* is used, e.g. 64 for SHA-512. + digest size of the hash algorithm *hash_name* is used, e.g. 64 for SHA-512. >>> import hashlib, binascii >>> dk = hashlib.pbkdf2_hmac('sha256', b'password', b'salt', 100000) |