擅长:python、mysql、java
<p>flask和django使用<code>hashlib.pbkdf2_hmac</code>生成密码散列。不同之处在于格式和编码。因此,可以透明地将密码哈希从一种格式转换为另一种格式。(我想知道为什么不均匀,减少摩擦)</p>
<pre><code>def trans_hash(str):
"""from flask to django"""
[alg, _hash_alg, rest] = str.split(':')
[iteration, salt, hashed] = rest.split('$')
# in flask hex() formated, so decode using b16decode
# https://github.com/pallets/werkzeug/blob/main/src/werkzeug/security.py#L162
raw_hash = base64.b16decode(hashed.strip().encode('ascii').upper())
# in django, use b64encode, https://github.com/django/django/blob/ca9872905559026af82000e46cde6f7dedc897b6/django/contrib/auth/hashers.py#L276
hashed = base64.b64encode(raw_hash).decode('ascii').strip()
rest = '$'.join([iteration, salt, hashed] )
return f"{alg}_{_hash_alg}${rest}"
</code></pre>
<p>flask中的密码哈希:</p>
<pre><code>pbkdf2:sha256:150000$zwBNBm5i$be85b2739ab81c94ea2596fe79c0f6e7d211561f5ea1525c5620e817ef3ea82b
</code></pre>
<p>将翻译为(django)</p>
<pre><code>pbkdf2_sha256$150000$zwBNBm5i$voWyc5q4HJTqJZb+ecD259IRVh9eoVJcViDoF+8+qCs=
</code></pre>