in fxa/crypto.py [0:0]
def quick_stretch_password(email, password):
"""Perform the "quick stretch" operation on the given credentials.
This performs a smallish number of PBKDF2 rounds on the given password.
It's designed as a compromise between the amount of computation done by
the client (which may be very resource constrained) and resistance to
brute-force guessing (which would ideally demand more stretching).
"""
kdf = PBKDF2HMAC(
algorithm=hashes.SHA256(),
length=32,
salt=check_salt(1, create_salt(1, email)),
iterations=1000,
backend=backend
)
return kdf.derive(check_password(password))