
Check Moodle's hashed password

Moodle saves hashed passwords in the user table in this format:

If the stored password is:

$2y$10$UB6vKrpw227eqVXj2PiPou9c0eRtxsdU02fo9.wc3VtsA2FI.gS6a
then:
$2y$ = the id of the hashing algorithm used (crypt_blowfish), enclosed in dollar signs.
10$ = the cost of using that algorithm (two digits) followed by a dollar sign.
UB6vKrpw227eqVXj2PiPou = randomly generated secure salt (22 characters).
9c0eRtxsdU02fo9.wc3VtsA2FI.gS6a = the hash (31 characters).

I have the plain password in text. I can't figure out how to check it with Python.

Ajoy D asked Nov 29 '25 10:11


1 Answer

It is simply done using bcrypt:

pip install bcrypt

Then it is just a matter of calling the checkpw() function:

import bcrypt

hashed = b'$2y$10$UB6vKrpw227eqVXj2PiPou9c0eRtxsdU02fo9.wc3VtsA2FI.gS6a'

password = input('Enter password:').encode()
if bcrypt.checkpw(password, hashed):
    print('Correct password entered!')
else:
    print('Password is wrong!')

Note that bcrypt is working with bytes and not strings, which is why the user input must be run through .encode().

JohanL answered Dec 01 '25 23:12
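
An added example, not part of the answer above or of Moodle's own code: it checks the stored value against the layout described in the question before handing it to bcrypt.checkpw(), so a value that is not a bcrypt hash is rejected instead of raising. The function names parse_bcrypt_hash and verify_password are assumptions made for this example; the bcrypt import is the same third-party package the answer installs.

```python
import re
from getpass import getpass

# Layout from the question: $2y$ + two-digit cost + $ + 22-char salt + 31-char hash.
# Salt and hash use bcrypt's base64 alphabet (./A-Za-z0-9).
BCRYPT_RE = re.compile(
    r"\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)


def parse_bcrypt_hash(stored):
    """Split a stored hash into its fields, or return None if it is not bcrypt."""
    m = BCRYPT_RE.fullmatch(stored.strip())
    if m is None:
        return None
    variant, cost, salt, digest = m.groups()
    cost = int(cost)
    if not 4 <= cost <= 31:  # valid bcrypt cost range
        return None
    return {"variant": variant, "cost": cost, "salt": salt, "digest": digest}


def verify_password(plain, stored):
    """Return True only if `stored` is a well-formed bcrypt hash of `plain`."""
    if parse_bcrypt_hash(stored) is None:
        return False  # not a bcrypt hash: fail closed instead of raising
    import bcrypt  # third-party package: pip install bcrypt
    try:
        # checkpw() works on bytes and compares the digests in constant time
        return bcrypt.checkpw(plain.encode("utf-8"),
                              stored.strip().encode("ascii"))
    except ValueError:
        return False  # input the library refuses to process


if __name__ == "__main__":
    # Hash taken from the question
    stored = "$2y$10$UB6vKrpw227eqVXj2PiPou9c0eRtxsdU02fo9.wc3VtsA2FI.gS6a"
    print(parse_bcrypt_hash(stored))
    # getpass() keeps the typed password off the terminal
    print(verify_password(getpass("Enter password: "), stored))
```
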
