@command(b'goreposum', [], _('url'), norepo=True)
def goreposum(ui, url):
  """
  goreposum computes a checksum of all the named state in the remote repo.
  It hashes together all the branch names and hashes
  and then all the bookmark names and hashes.
  Tags are stored in .hgtags files in any of the branches,
  so the branch metadata includes the tags as well.
  """
  h = hashlib.sha256()
  peer = hg.peer(ui, {}, url)

///

## Die Passwörter hashen und überprüfen { #hash-and-verify-the-passwords }

Importieren Sie die benötigten Tools aus `pwdlib`.

Erstellen Sie eine PasswordHash-Instanz mit empfohlenen Einstellungen – sie wird für das Hashen und Verifizieren von Passwörtern verwendet.

/// tip | Tipp

 * This class currently pins a certificate's Subject Public Key Info as described on
 * [Adam Langley's Weblog][langley]. Pins are either base64 SHA-256 hashes as in
 * [HTTP Public Key Pinning (HPKP)][rfc_7469] or SHA-1 base64 hashes as in Chromium's
 * [static certificates][static_certificates].
 *
 * ## Setting up Certificate Pinning
 *

        int key2 = key1 ^ (1 << i);
        // get hashes
        int hash1 = function.hashInt(key1).asInt();
        int hash2 = function.hashInt(key2).asInt();
        // test whether the hash values have same output bits
        same |= ~(hash1 ^ hash2);
        // test whether the hash values have different output bits
        diff |= hash1 ^ hash2;

        count++;

                 * hashes and the other does then they will not be considered equal even
                 * though they may be.
                 */
            }
            return true;
        }
        return false;
    }

    /**
     * Check whether the password hashes are externally supplied.
     *
     * @return whether the hashes are externally supplied
     */

Por ejemplo, podrías usarlo para leer y verificar contraseñas generadas por otro sistema (como Django) pero hacer hash de cualquier contraseña nueva con un algoritmo diferente como Argon2 o Bcrypt.

Y ser compatible con todos ellos al mismo tiempo.

///

Crea una función de utilidad para hacer el hash de una contraseña que venga del usuario.

        }
    }

    /**
     * Hashes the specified text using the given algorithm and converts it to a string.
     *
     * @param algorithm
     *            The algorithm. Must not be {@literal null} or an empty string.
     * @param text
     *            The string to be hashed.
     * @return The hashed string.
     */

Então, o invasor não poderá tentar usar essas senhas em outro sistema (como muitos usuários utilizam a mesma senha em vários lugares, isso seria perigoso).

## Instalar o `pwdlib` { #install-pwdlib }

pwdlib é um excelente pacote Python para lidar com hashes de senhas.

#	make v1.2.3.test
#
# and then if changes are needed, check them into master
# and run 'make v1.2.3.rm' and repeat.
#
# Note that once published a snapshot zip file should never
# be modified. We record the sha256 hashes of the zip files
# in fips140.sum, and the cmd/go/internal/fips140 test checks
# that the zips match.
#
# When the zip file is finalized, run 'make updatesum' to update
# fips140.sum.

default:

     */