import os

# encrypt, hmac_factory, save_data and generate_mac are not shown on this page;
# they are expected to come from the module this function belongs to.


def generate_challenge(key, mac_key, challenge_size=32, bytes_per_hash=1,
                       hash_function="sha256", unencrypted_data='',
                       answer=bytes()):
    """ Create a challenge that only the holder of key should be able to solve.

        mac_key is required to assure integrity and authenticity of the
        challenge to the client.

        challenge_size is the total amount of data the client must crack.
        A random challenge of challenge_size is generated, and separated into
        challenge_size / bytes_per_hash subchallenges. The time taken to crack
        a single subchallenge is O(2**n) (? not sure!), where n is the number
        of bytes_per_hash.

        hash_function is a string name of an algorithm available in the hashlib module.

        unencrypted_data is an optional string of data to be packaged with the challenge.
        The data is not kept confidential, but possesses integrity and authenticity
        because of the message authentication code over the entire package.

        answer is an optional string that, when supplied, is used instead of a
        random challenge. If supplied, the challenge_size argument has no effect. """
    # os.urandom is the public name of the function that random._urandom aliases.
    answer = answer or os.urandom(challenge_size)
    challenge = encrypt(answer, key, hmac_factory(hash_function), input_block_size=bytes_per_hash)
    package = save_data(challenge, bytes_per_hash, unencrypted_data)
    # The MAC covers the whole package, including unencrypted_data.
    return (save_data(generate_mac(mac_key, package, hash_function), hash_function, package),
            answer)
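
The receiving side of the scheme the docstring describes, as an added example that is not part of the original code or its project: the client checks the MAC before touching the package, then searches each subchallenge. The names make_challenge and solve_challenge, the one-byte package header, and the use of one HMAC tag per subchallenge in place of the project's encrypt and save_data are all assumptions made for illustration; in this model a subchallenge of n bytes has 256**n candidate values.

```python
import hashlib
import hmac
import os

def make_challenge(key, mac_key, challenge_size=4, bytes_per_hash=1, hash_function="sha256"):
    """Constructed stand-in for generate_challenge (not the project's encrypt/save_data)."""
    if challenge_size % bytes_per_hash:
        raise ValueError("challenge_size must be a multiple of bytes_per_hash")
    answer = os.urandom(challenge_size)
    # One keyed tag per subchallenge; only a key holder can test guesses against it.
    tags = [hmac.new(key, answer[i:i + bytes_per_hash], hash_function).digest()
            for i in range(0, challenge_size, bytes_per_hash)]
    package = bytes([bytes_per_hash]) + b"".join(tags)
    mac = hmac.new(mac_key, package, hash_function).digest()
    return mac + package, answer

def solve_challenge(key, mac_key, message, hash_function="sha256"):
    """Authenticate the package, then search each subchallenge. Returns (answer, guesses)."""
    size = hashlib.new(hash_function).digest_size
    mac, package = message[:size], message[size:]
    expected = hmac.new(mac_key, package, hash_function).digest()
    if not hmac.compare_digest(mac, expected):  # constant-time; reject before parsing
        raise ValueError("challenge failed authentication")
    bytes_per_hash, tags = package[0], package[1:]
    answer, guesses = b"", 0
    for offset in range(0, len(tags), size):
        tag = tags[offset:offset + size]
        for candidate in range(256 ** bytes_per_hash):  # work factor per subchallenge
            guesses += 1
            block = candidate.to_bytes(bytes_per_hash, "big")
            if hmac.compare_digest(hmac.new(key, block, hash_function).digest(), tag):
                answer += block
                break
        else:
            raise ValueError("no candidate matched: wrong key")
    return answer, guesses

if __name__ == "__main__":
    key, mac_key = os.urandom(32), os.urandom(32)  # constructed sample keys
    message, answer = make_challenge(key, mac_key, challenge_size=4, bytes_per_hash=2)
    solved, guesses = solve_challenge(key, mac_key, message)
    print(solved == answer, guesses)
```

Raising bytes_per_hash by one multiplies the worst-case search per subchallenge by 256, while challenge_size only adds subchallenges linearly.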