Forked from christianclinton/gist:faa1aef119a0919aeb2e
Last active
August 20, 2018 05:36
RabbitMQ Password Hash - Python
#!/usr/bin/env python3
import binascii
import hashlib
import hmac
# Utility methods for generating and comparing RabbitMQ user password hashes.
#
# Rabbit Password Hash Algorithm (using SHA-256):
#
# Generate a random 32-bit salt:
# 908D C60A
#
# Concatenate that with the UTF-8 representation of the password (in this case test12):
# 908D C60A 7465 7374 3132
#
# Take the SHA-256 hash (assuming the hashing function wasn't modified):
# A5B9 24B3 096B 8897 D65A 3B5F 80FA 5DB6 2A94 B831 22CD F4F8 FEAD 10D5 15D8 F391
#
# Concatenate the salt again (salt first, then the hash):
# 908D C60A A5B9 24B3 096B 8897 D65A 3B5F 80FA 5DB6 2A94 B831 22CD F4F8 FEAD 10D5 15D8 F391
#
# Convert to base64 encoding:
# kI3GCqW5JLMJa4iX1lo7X4D6XbYqlLgxIs30+P6tENUV2POR
#
# Sources:
# https://www.rabbitmq.com/passwords.html
# https://gist.github.com/christianclinton/faa1aef119a0919aeb2e
def encode_rabbit_password_hash(salt, password):
    """Build the base64 password hash for *password* using *salt*.

    The result is base64(salt + SHA-256(salt + UTF-8 password)), returned
    as ``bytes`` with the trailing newline from ``b2a_base64`` stripped.

    Args:
        salt: Salt bytes; placed in front of the password before hashing
            and in front of the digest before encoding.
        password: Password as ``str``; it is encoded to UTF-8 here.

    Returns:
        The base64-encoded ``salt + digest`` as ``bytes``.

    Note:
        This is a single salted SHA-256 pass, not a slow password-hashing
        function, so the resulting hashes should be stored and shared as
        sensitive data.
    """
    hasher = hashlib.sha256()
    hasher.update(salt)
    hasher.update(password.encode('utf-8'))
    salted_digest = salt + hasher.digest()
    # b2a_base64 appends a newline; strip() drops it.
    return binascii.b2a_base64(salted_digest).strip()
def decode_rabbit_password_hash(password_hash):
    """Split a base64 password hash into its salt and digest parts.

    Args:
        password_hash: Base64 text of ``salt + digest``, in any form that
            ``binascii.a2b_base64`` accepts.

    Returns:
        A ``(salt, digest)`` tuple of ``bytes``: the first 4 decoded bytes
        and everything after them. No length check is made, so a short
        input yields short (possibly empty) parts rather than an error.
    """
    salt_length = 4  # the salt is the first 4 bytes (32 bits)
    raw = binascii.a2b_base64(password_hash)
    salt = raw[:salt_length]
    digest = raw[salt_length:]
    return salt, digest
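def check_rabbit_password(test_password, password_hash):
    """Return True if *test_password* matches the stored *password_hash*.

    The salt is taken from the stored hash, the candidate password is
    hashed with it, and the two digests are compared.

    Two changes from a plain ``==`` on the base64 text:

    * The comparison uses ``hmac.compare_digest`` so that its duration
      does not depend on how many leading bytes match.
    * The decoded digests are compared rather than the base64 text, so a
      stored hash passed as ``str`` or carrying a trailing newline still
      verifies instead of silently never matching.

    Args:
        test_password: Candidate password as ``str``.
        password_hash: Stored base64 hash (``bytes`` or ASCII ``str``).

    Returns:
        ``True`` when the password matches, ``False`` otherwise,
        including when the stored hash is too short to hold a digest.

    Raises:
        binascii.Error: If *password_hash* is not valid base64.
    """
    salt, stored_digest = decode_rabbit_password_hash(password_hash)
    candidate_hash = encode_rabbit_password_hash(salt, test_password)
    # Decode the candidate again so both sides are raw digest bytes.
    _, candidate_digest = decode_rabbit_password_hash(candidate_hash)
    return hmac.compare_digest(candidate_digest, stored_digest)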
if __name__ == '__main__':
    # Self-check against the worked example in the header comment:
    # salt 908D C60A with password "test12".
    known_salt = b'\x90\x8d\xc6\x0a'
    password_hash = b'kI3GCqW5JLMJa4iX1lo7X4D6XbYqlLgxIs30+P6tENUV2POR'
    generated = encode_rabbit_password_hash(known_salt, 'test12')
    assert generated == password_hash
    assert check_rabbit_password('test12', password_hash)