比较Python中的salt哈希密码以获得授权

import base64 import hashlib hash = 'EwxBhfN0fM5Puv8/z+3/L50QvdU6BHFb4XQU9xtye/mOXJ8tBPc3tIyW7dEiZrvA' password = 'some_plain_password' #password = password.encode() password = base64.b64decode(password) #hash to byte b_hash = base64.b64decode (hash) print(b_hash) #get salt, first 16 bytes salt = b_hash[:15] salt=base64.b64encode(salt) print(salt) m = hashlib.sha256() m.update(salt) m.update(password) print(m.hexdigest())

2条回答

网友

1楼 · 编辑于 2024-10-02 00:26:44

如果不使用示例明文和哈希来验证结果，则执行此操作有点棘手，但您的代码应该实现您在问题中列出的算法：

Base64(salt + SHA256(salt + password))

我想你想要这样的东西：

import base64
import hashlib

hash = 'EwxBhfN0fM5Puv8/z+3/L50QvdU6BHFb4XQU9xtye/mOXJ8tBPc3tIyW7dEiZrvA'
salt = base64.b64decode(hash)[:16]  # Use 16 here, not 15

password = 'some_plain_password'

# First let's do the SHA256(salt + password) part
m = hashlib.sha256()
m.update(salt)
m.update(password.encode('utf-8'))

# Now let's feed that into the Base64 part
new_hash = base64.encode(salt + m.digest())

网友

2楼 · 编辑于 2024-10-02 00:26:44

我的帖子不是100%的答案，而是故事的结尾。问题在于，没有官方来源CryptographyManager.Compare/Create Hash的工作原理我尝试了很多与Base64（salt+SHA256（salt+password））的组合，但都没有成功。最后，我决定重写C代码。如果有人正在寻找对密码进行盐析和散列的python代码，并比较两种散列，下面是我的工作示例：

import base64
import hashlib
import os


class Hashing(object):

    # base64( SHA256(password + salt) + salt)

    # generate new salt (default 16 bytes_
    def generate_new_salt(self, salt_ln=16):

        self.new_salt = os.urandom(salt_ln)

        print(f'new salt: {self.new_salt}')

        return self.new_salt

    # get salt from hash
    def get_old_salt(self, input_hash, salt_ln=16):

        self.old_salt = base64.b64decode(input_hash)[-salt_ln:]

        print(f'old salt: {self.old_salt}')

        return self.old_salt

    # compute hash using parameters
    def compute_hash(self, password, salt):

        self.salt = salt
        self.enc_password = password.encode()

        # hashing SHA256(password + salt)
        hash_object = hashlib.sha256(self.enc_password + salt)

        # add salt to hash and encode to base64
        hash_b64 = base64.b64encode(hash_object.digest() + salt)

        print(f'new_hash: {hash_b64}')
        return hash_b64

    # create hash from new or old salt
    def create_hash(self, password, salt_ln=16,old_salt=None):

        if old_salt:    #if old salt then use it
            self.salt = old_salt
        else:           #else generate new salt
            self.salt = Hashing().generate_new_salt(salt_ln)


        hash = Hashing().compute_hash(password, self.salt)

        return hash

    # compare input hash with created using salt get from input
    def compare_hashes(self, password, old_hash, salt_ln=16):

        self.enc_password = password.encode()

        #get salt from input hash
        self.old_salt = Hashing().get_old_salt(old_hash, salt_ln)

        #recreat input hash
        re_hash = Hashing().create_new_hash(password,salt_ln, self.old_salt)

        print(f'Compare: old_hash: {old_hash}')
        print(f'Compare: new_hash: {re_hash}')

        #compare
        if re_hash.decode() == old_hash.decode():
            return True
        else:
            return False


#code below is just for testing

NewSalt = Hashing().generate_new_salt()

Hash = Hashing().create_new_hash('pass')

OldSalt = Hashing().get_old_salt(Hash)

CompareHash = Hashing().compare_hashes('pass', Hash)

if CompareHash:
    print('HASHES THE SAME')
else:
    print('NOT THE SAME')

print(CompareHash)

相关问题更多 >

编程相关推荐

热门问题

热门文章