Code Room
CodingMediumcod-g1108
Subject CryptographyLevel Mid–Senior~25 minCommon in Security · Algorithms & data structures interviewsIndustries Software development

Question

Implement a password verifier using PBKDF2-HMAC-SHA256. Given a stored record string of the form 'pbkdf2_sha256$<iterations>$<salt_hex>$<hash_hex>' and a candidate password, return True if the password reproduces the stored hash. Derive the key with hashlib.pbkdf2_hmac('sha256', password_bytes, salt_bytes, iterations) where salt is the hex-decoded salt and the result is compared using a constant-time comparison. Return False if the record is malformed (wrong number of '$'-separated fields or wrong algorithm tag).

Implement
verify_password(record: str, password: str) → bool
Examples
in["pbkdf2_sha256$1000$a1b2c3d4$8e6ba43d3bb656493844999beb2e04ff4f723f2169e2af3ae7ee1b6768b29288","hunter2"]outtrue
What a strong answer looks like

State your approach and its time/space complexity out loud before you optimize. Handle the edge cases (empty input, duplicates, overflow), and say why you chose this over the brute force. Green tests are the floor, not the grade.

Vibe coding: describe the solution in plain language (or narrate it) and the coach grades your approach. Generating runnable code from your description is coming next.

Run or narrate your approach, then ask the coach.