Salt and hash a password in Python

This code is supposed to hash a password with a salt. The salt and hashed password are being saved in the database. The password itself is not.

Given the sensitive nature of the operation, I wanted to make sure everything was kosher.

```python
import hashlib
import base64
import uuid

password = 'test_password'
salt     = base64.urlsafe_b64encode(uuid.uuid4().bytes)

t_sha = hashlib.sha512()
# hashlib works on bytes; encode the str password before concatenating with the salt
t_sha.update(password.encode('utf-8') + salt)
hashed_password = base64.urlsafe_b64encode(t_sha.digest())
```
Chris Dutrow asked Mar 07 '12 00:03



1 Answer

Based on the other answers to this question, I've implemented a new approach using bcrypt.

Why use bcrypt

If I understand correctly, the argument to use bcrypt over SHA512 is that bcrypt is designed to be slow. bcrypt also has an option to adjust how slow you want it to be when generating the hashed password for the first time:

```python
# The '12' is the number that dictates the 'slowness'
bcrypt.hashpw(password, bcrypt.gensalt(12))
```

Slow is desirable because if a malicious party gets their hands on the table containing hashed passwords, then it is much more difficult to brute force them.

Implementation

```python
import bcrypt


def get_hashed_password(plain_text_password):
    # Hash a password for the first time
    #   (Using bcrypt, the salt is saved into the hash itself)
    # bcrypt operates on bytes, so encode a str password first
    if isinstance(plain_text_password, str):
        plain_text_password = plain_text_password.encode('utf-8')
    return bcrypt.hashpw(plain_text_password, bcrypt.gensalt())


def check_password(plain_text_password, hashed_password):
    # Check hashed password. Using bcrypt, the salt is saved into the hash itself
    if isinstance(plain_text_password, str):
        plain_text_password = plain_text_password.encode('utf-8')
    return bcrypt.checkpw(plain_text_password, hashed_password)
```

Notes

I was able to install the library pretty easily in a linux system using:

```shell
pip install py-bcrypt
```

However, I had more trouble installing it on my windows systems. It appears to need a patch. See this Stack Overflow question: py-bcrypt installing on win 7 64bit python

Chris Dutrow answered Sep 28 '22 17:09
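The following is an added example, not code from the question or the answer above. It puts the two points of this thread side by side: the question's single salted SHA-512 pass, and a slow, tunable password hash that stores its work factor and salt inside the record (the property the answer attributes to bcrypt). To keep it runnable with the standard library alone it uses PBKDF2-HMAC-SHA256 from `hashlib` in place of bcrypt; the `iterations` argument plays the role of bcrypt's cost, and the `pbkdf2_sha256$<iterations>$<salt>$<hash>` record layout, the function names and the sample password are constructed for this example. Verification decodes the stored salt and iteration count, recomputes the digest, and compares in constant time; a malformed record is rejected rather than raising.

```python
import base64
import hashlib
import hmac
import os
import time

# Record layout, constructed for this example (mirrors bcrypt keeping cost and
# salt inside the hash string):  pbkdf2_sha256$<iterations>$<salt_b64>$<hash_b64>
ALGORITHM = "pbkdf2_sha256"


def hash_password(plain_text_password: str, iterations: int = 600_000) -> str:
    """Salt and hash a password with a tunable work factor (PBKDF2-HMAC-SHA256).

    `iterations` is the cost knob: raising it makes every guess proportionally
    more expensive for anyone who obtains the stored records.
    """
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    salt = os.urandom(16)  # 128-bit random salt, unique per password
    digest = hashlib.pbkdf2_hmac(
        "sha256", plain_text_password.encode("utf-8"), salt, iterations
    )
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.urlsafe_b64encode(salt).decode("ascii"),
        base64.urlsafe_b64encode(digest).decode("ascii"),
    ])


def check_password(plain_text_password: str, stored: str) -> bool:
    """Recompute the hash from the stored salt and iterations, then compare."""
    try:
        algorithm, iterations, salt_b64, digest_b64 = stored.split("$")
    except ValueError:
        return False  # malformed record: never treat it as a match
    if algorithm != ALGORITHM:
        return False
    salt = base64.urlsafe_b64decode(salt_b64)
    expected = base64.urlsafe_b64decode(digest_b64)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", plain_text_password.encode("utf-8"), salt, int(iterations)
    )
    # Constant-time comparison so a mismatch does not leak where the bytes differ.
    return hmac.compare_digest(candidate, expected)


def fast_salted_sha512(plain_text_password: str, salt: bytes) -> bytes:
    """The scheme from the question: one SHA-512 pass over password + salt."""
    return hashlib.sha512(plain_text_password.encode("utf-8") + salt).digest()


def seconds_per_guess(func, attempts: int = 20) -> float:
    """Rough single-threaded cost of one candidate password under `func`."""
    start = time.perf_counter()
    for i in range(attempts):
        func("guess%d" % i)
    return (time.perf_counter() - start) / attempts


if __name__ == "__main__":
    record = hash_password("test_password")  # sample value from the question
    print(record)
    print("correct password accepted:", check_password("test_password", record))
    print("wrong password rejected:  ", not check_password("Test_password", record))

    salt = os.urandom(16)
    per_sha = seconds_per_guess(lambda pw: fast_salted_sha512(pw, salt))
    per_kdf = seconds_per_guess(lambda pw: hash_password(pw, iterations=100_000), attempts=3)
    print("seconds per guess, salted SHA-512: %.2e" % per_sha)
    print("seconds per guess, PBKDF2 100k:    %.2e" % per_kdf)
```

The timing lines at the bottom make the answer's "slow is desirable" argument concrete: the salted SHA-512 path costs on the order of microseconds per candidate, the iterated hash tens of milliseconds or more, and the ratio is what an attacker holding the table has to pay per guess. Because the iteration count travels with each record, the cost can be raised later for new passwords without breaking verification of old ones.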