def stretch_password()

in fxa/crypto.py [0:0]

• 11 lines of code
• 2 McCabe index (conditional complexity)

def stretch_password(salt, password):
    """Perform a "stretch" operation on the given credentials.

    This performs a largish number of PBKDF2 rounds on the given password.
    And produces a password that is resistant to brute force guessing. This
    is now the preferred stretching approaching
    """

    if not password:
        raise ValueError("password must be provided")

    # Ensure the core salt value is being used, not prefixed version.
    kdf = PBKDF2HMAC(
        algorithm=hashes.SHA256(),
        length=32,
        salt=check_salt(2, create_salt(2, salt)),
        iterations=650000,
        backend=backend
    )
    return kdf.derive(check_password(password))