SECRETLIFE = 30*60,
## Maximum age of an authentication key, in seconds.
- SECRETFRESH = 5*60)
+ SECRETFRESH = 5*60,
+
+ ## Hash function to use for crypto.
+ AUTHHASH = H.sha256)
def cleansecrets():
"""Remove dead secrets from the database."""
def auth_tag(sec, stamp, nonce, user):
"""Compute a tag using secret SEC on `STAMP.NONCE.USER'."""
- hmac = HM.HMAC(sec, digestmod = H.sha256)
+ hmac = HM.HMAC(sec, digestmod = CFG.AUTHHASH)
hmac.update('%d.%s.%s' % (stamp, nonce, user))
return hack_octets(hmac.digest())