
How to compare plain text password to hashed password using bcrypt?

Tags: python, bcrypt

I would like to use bcrypt to hash passwords and later verify if a supplied password is correct.

Hashing passwords is easy:

    import bcrypt

    password = u'foobar'
    # encode the text password to bytes before hashing
    password_hashed = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())

    # then store password_hashed in a database

How can I compare a plain text password to the stored hash?

MFB asked Mar 04 '12 22:03


1 Answer

With py-bcrypt, you don't need to store the salt separately: bcrypt stores the salt in the hash.

You can simply use the hash as a salt, and the salt is stored in the beginning of the hash.

    >>> import bcrypt
    >>> salt = bcrypt.gensalt()
    >>> hashed = bcrypt.hashpw(b'secret', salt)
    >>> hashed.find(salt)
    0
    >>> hashed == bcrypt.hashpw(b'secret', hashed)
    True
user1581840 answered Sep 21 '22 03:09
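
The following is an added example, not code from the question, the answer or the bcrypt library. It splits a stored hash into the fields the answer refers to (the salt sits in the first 29 bytes) and wraps the re-hash check in a constant-time comparison. `split_bcrypt_hash`, `verify_password` and `SAMPLE_HASH` are names made up here, and the library's `hashpw` is passed in as a parameter.

```python
import hmac
import re

# bcrypt hash string: $<version>$<cost>$ + 22-char salt + 31-char digest (60 bytes).
_BCRYPT = re.compile(
    rb"\$(2[abxy]?)\$(\d\d)\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)

# Constructed sample in the right format; NOT the hash of any real password.
SAMPLE_HASH = b"$2b$12$" + b"abcdefghijklmnopqrstuv" + b"0123456789ABCDEFGHIJKLMNOPQRSTU"


def split_bcrypt_hash(stored):
    """Return the fields packed into one stored bcrypt hash string."""
    m = _BCRYPT.fullmatch(stored)
    if m is None:
        raise ValueError("not a bcrypt hash string")
    version, cost, salt, digest = m.groups()
    if not 4 <= int(cost) <= 31:
        raise ValueError("bcrypt cost out of range")
    return {
        "version": version.decode(),
        "cost": int(cost),
        "salt": salt,
        # What gensalt() returned: all hashpw needs besides the password.
        "salt_prefix": stored[: m.end(3)],
        "digest": digest,
    }


def verify_password(password, stored, hashpw):
    """Re-hash `password` with the settings embedded in `stored` and compare.
    `hashpw` is the library function (e.g. bcrypt.hashpw), passed in by the caller."""
    try:
        split_bcrypt_hash(stored)
    except ValueError:
        return False  # malformed or truncated database value: fail closed
    candidate = hashpw(password.encode("utf-8"), stored)
    # Constant-time comparison instead of ==.
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    import bcrypt  # third-party; only needed for this demo

    stored = bcrypt.hashpw(b"secret", bcrypt.gensalt())
    print(split_bcrypt_hash(stored))
    print(verify_password("secret", stored, bcrypt.hashpw))
    print(verify_password("wrong", stored, bcrypt.hashpw))
```

Because the cost factor is also part of the stored string, hashes created with an older, lower cost keep verifying after the default is raised.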