The same password hash function creates different hashes for the same password

Published 2024-09-27 00:20:30


I wrote a small Bottle web application that runs on my Raspberry Pi and controls a boiler. It has a login page and a create-new-user page. When I create a new user, it generates a salt and hashes the password with sha512, and both are stored in the database. When a user logs in, it matches on the userid, fetches the salt and password hash from the database, and hashes the supplied password with the salt from the database, but it always creates a different hash, so the login fails. I'm sure it's something stupid, but I just can't spot it.

Here is the code that does the password hashing / checking / salting:

import hashlib
import logging
import uuid

import psycopg2

# prop() is the application's own config lookup (not shown in the question)

def get_password(userid):
    # look up the stored hash and salt for a userid (userids are stored upper-cased)
    userid = userid.upper()
    logging.debug('get password for %s' % userid)
    conn_string = prop('database')
    conn = psycopg2.connect(conn_string)
    cursor = conn.cursor()

    sql =   """
            select password, salt from users where userid = %(userid)s
            """
    cursor.execute(sql, {'userid':userid})
    row = cursor.fetchone()
    if row is not None:
        dbpassword = row[0]
        dbsalt = str(row[1])
        logging.debug('db password hash %s' % dbpassword)
        logging.debug('db password salt %s' % dbsalt)
        return dbpassword, dbsalt
    else:
        logging.debug('No details found for user')
        return None, None

def check_password(password, userid):
    # re-hash the supplied password with the stored salt and compare to the stored hash
    logging.debug('username/password to check is %s/%s' % (password, userid))
    dbpassword, dbsalt = get_password(userid)
    if dbpassword is not None:
        test = hash_password(password, dbsalt)
        logging.debug('test password hash %s' % test)
        if test == dbpassword:
            logging.debug('password correct')
            return True
        else:
            logging.debug('password incorrect')
            return False
    else:
        return False

def hash_password(password, salt):
    # salt == '0' means "new user": generate a salt and return (salt, hash);
    # any other salt means "compare": return only the hash
    if salt == '0':
        logging.debug('hashing password')
        logging.debug('generate salt')
        salt = uuid.uuid4().hex
        logging.debug('salt = %s' % salt)
        hashed_password = crypt(password, salt)
        logging.debug('hashed password = %s' % hashed_password)
        return salt, hashed_password
    else:
        logging.debug('hash password for compare')
        hashed_password = crypt(password, salt)
        logging.debug('hashed password = %s' % hashed_password)
        return hashed_password

def crypt(password, salt):
    # plain sha512 over password || salt, hex-encoded
    hashed_password = hashlib.sha512(password.encode(encoding='utf_8') + salt.encode(encoding='utf_8')).hexdigest()
    return hashed_password

Here is the part that gets the details from the login page:


And this gets the details from the new-user page:

from bottle import request, response, template

# check_session() is the application's own session check (not shown in the question)

def new_user():
    try:
        rqstSession = request.get_cookie('pysessionid', secret=prop('cookieSecret'))
        if check_session(rqstSession) is True:
            if request.forms.get('save','').strip():
                userid = request.forms.get('userid', '').upper()
                password = request.forms.get('password','')
                confpassword = request.forms.get('confpassword','')
                salt = '0'   # '0' tells hash_password() to generate a fresh salt
                if password != '' and password == confpassword and userid != '':
                    # note: the first argument passed here is userid, not password
                    salt, hashed_password = hash_password(userid, salt)

                    conn_string = prop('database')
                    conn = psycopg2.connect(conn_string)
                    cursor = conn.cursor()

                    sql =   """
                            insert into users (id_usrr, userid, password, salt) values (nextval('users_id_usrr_seq'), %(userid)s, %(password)s, %(salt)s)
                            """
                    cursor.execute(sql, {'userid':userid, 'password':hashed_password, 'salt':salt})
                    conn.commit()
                    cursor.close()
                    # (nothing is returned after a successful insert)

                else:
                    return template('newuser')
            else:
                return template('newuser')
        else:
            # no valid session: clear the cookie and go back to the main page
            pysessionid = ''
            response.set_cookie('pysessionid', pysessionid, secret=prop('cookieSecret'), Expires='Thu, 01-Jan-1970 00:00:10 GMT', httponly=True)
            return template('main')
    except Exception as e:
        logging.debug(e)
        return '<p>Error</p>'

I tried removing the salt, but that didn't work either, so I don't think it has anything to do with that, but after two hours of banging my head against the wall I'm willing to try anything.

Thanks, Adam


1 answer

Netizen
#1 · Posted 2024-09-27 00:20:30

I don't know much about security, but I think this should solve your problem:

>>> # import the hash algorithm
>>> from passlib.hash import sha256_crypt

>>> # generate new salt, and hash a password
>>> hash = sha256_crypt.encrypt("toomanysecrets")
>>> hash
'$5$rounds=80000$zvpXD3gCkrt7tw.1$QqeTSolNHEfgryc5oMgiq1o8qCEAcmye3FoMSuvgToC'

>>> # verifying the password
>>> sha256_crypt.verify("toomanysecrets", hash)
True
>>> sha256_crypt.verify("joshua", hash)
False

For example:


passlib
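Added example, not code from the question or from the answer above: it replays the question's hashing scheme in memory to show that sha512(password || salt) is deterministic, so a fresh mismatch on every login can only come from hashing a different input at sign-up than at login (the new-user code above passes userid, not password, as the first argument of hash_password). The second half shows the kind of self-describing hash string the passlib answer relies on, built with the standard library only: PBKDF2-HMAC-SHA256 with a random salt and the iteration count stored alongside the hash, verified with a constant-time comparison. The `$pbkdf2-sha256$...` format and the 200,000 iteration count are assumptions for this example, not passlib's exact format.

```python
import hashlib
import hmac
import os
import secrets


def sha512_salted(password: str, salt: str) -> str:
    """The construction used by the question's crypt(): sha512(password || salt) as hex."""
    return hashlib.sha512(password.encode("utf-8") + salt.encode("utf-8")).hexdigest()


def simulate_signup_and_login(userid: str, signup_password: str, login_password: str,
                              hash_userid_at_signup: bool = False):
    """Replay the question's flow in memory (no database).

    Returns (stored_hash, login_hash, matches). With hash_userid_at_signup=True the
    sign-up step hashes the userid instead of the password, which is what calling
    hash_password(userid, salt) does; the login step then hashes the real password
    with the same salt, so the two hashes can never match.
    """
    salt = os.urandom(16).hex()                       # stands in for uuid.uuid4().hex
    signup_input = userid if hash_userid_at_signup else signup_password
    stored_hash = sha512_salted(signup_input, salt)   # what the insert would write
    login_hash = sha512_salted(login_password, salt)  # what check_password() recomputes
    return stored_hash, login_hash, hmac.compare_digest(stored_hash, login_hash)


# --- A stronger scheme in the spirit of the passlib answer, standard library only ---
# Assumed format, modelled on crypt-style strings: $pbkdf2-sha256$<iterations>$<salt hex>$<hash hex>
SCHEME = "pbkdf2-sha256"
DEFAULT_ITERATIONS = 200_000   # assumed value for this example; tune for the deployment


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return a self-describing hash string; a new random salt is generated per call."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$%s$%d$%s$%s" % (SCHEME, iterations, salt.hex(), dk.hex())


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the parameters embedded in `stored`; malformed strings verify as False."""
    try:
        _, scheme, iterations, salt_hex, hash_hex = stored.split("$")
        if scheme != SCHEME:
            return False
        salt = bytes.fromhex(salt_hex)
        iterations = int(iterations)
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # constant-time comparison instead of == on the hex strings
    return hmac.compare_digest(candidate.hex(), hash_hex)


if __name__ == "__main__":
    # constructed inputs: a made-up userid and password
    ok = simulate_signup_and_login("ADAM", "boiler", "boiler")
    bad = simulate_signup_and_login("ADAM", "boiler", "boiler", hash_userid_at_signup=True)
    print("same password, same salt, matches:", ok[2])
    print("userid hashed at sign-up, matches:", bad[2])

    h = hash_password("toomanysecrets")
    print(h)
    print("verify correct:", verify_password("toomanysecrets", h))
    print("verify wrong:  ", verify_password("joshua", h))
```

Because the salt is embedded in the stored string, the database needs only one column and the verifier never has to be told which salt to use; two hashes of the same password differ (fresh salt each time) yet both verify. The check in `simulate_signup_and_login` uses `hmac.compare_digest` where the question's `check_password` uses `==`; either way, with the same input and salt the sha512 value is identical on every call.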

