From bfb3dccf29f6c2062e3e8a8f10acde667af63f47 Mon Sep 17 00:00:00 2001
From: XANTRONIX Development <dev@xantronix.com>
Date: Fri, 29 Nov 2024 19:12:46 -0500
Subject: [PATCH] Initial implementation of nntp.tiny.passwd

---
 lib/nntp/tiny/passwd.py | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 lib/nntp/tiny/passwd.py

diff --git a/lib/nntp/tiny/passwd.py b/lib/nntp/tiny/passwd.py
new file mode 100644
index 0000000..e71b4d3
--- /dev/null
+++ b/lib/nntp/tiny/passwd.py
@@ -0,0 +1,36 @@
+import os
+import base64
+import hashlib
+import secrets
+
+ALGORITHM = "pbkdf2_sha256"
+
+def crypt(password: str, salt: bytes=None, iterations=260000) -> str:
+    if salt is None:
+        salt = os.urandom(16)
+
+    hashed = hashlib.pbkdf2_hmac(
+        'sha256', bytes(password, 'utf-8'), salt, iterations
+    )
+
+    return '$'.join([
+        ALGORITHM,
+        str(iterations),
+        str(base64.b64encode(salt), 'ascii'),
+        str(base64.b64encode(hashed), 'ascii')
+    ])
+
+def compare(password: str, crypted: str) -> bool:
+    parts = crypted.split('$', 4)
+
+    if len(parts) != 4:
+        return False
+
+    algorithm, iterations, salt, hashed = parts
+
+    if algorithm != ALGORITHM:
+        return False
+
+    new_crypted = crypt(password, base64.b64decode(salt))
+
+    return secrets.compare_digest(crypted, new_crypted)