
Python: hashed and verified passwords are not the same

I use the following hash_password method to hash my passwords:

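def hash_password(self):
    """Return a salted PBKDF2-HMAC-SHA512 hash of ``self.password``.

    The result is a 192-character ASCII string: a 64-hex-character salt
    followed by the 128-hex-character derived key. ``verify_password``
    recovers the salt from the first 64 characters, so a fresh random salt
    per call is safe -- that stored-salt layout is exactly what makes it
    possible.
    """
    import os  # local import: this method is shown without its module header

    # Fresh entropy per password. A hard-coded salt makes every user share
    # one salt, so equal passwords hash identically and one precomputed
    # table cracks all of them; it defeats the point of salting.
    salt = hashlib.sha256(os.urandom(60)).hexdigest().encode('ascii')
    # 100000 rounds of PBKDF2-HMAC-SHA512; verify_password must use the same.
    pwdhash = hashlib.pbkdf2_hmac('sha512', self.password.encode('utf-8'), salt, 100000)
    pwdhash = binascii.hexlify(pwdhash)
    return (salt + pwdhash).decode('ascii')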

To verify passwords I use verify_password. I added two print calls at the end of the function to compare the recomputed hash with the stored one, and they are not the same. Where is the problem?

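def verify_password(self, stored_password, provided_password):
    """Check ``provided_password`` against a value produced by ``hash_password``.

    ``stored_password`` is ``<64 hex chars of salt><128 hex chars of hash>``.
    The salt is read back from the stored value, so this works whether the
    salt was fixed or freshly random when the password was hashed.
    Returns True on a match, False otherwise.
    """
    import hmac  # local import: this method is shown without its module header

    salt = stored_password[:64]
    stored_password = stored_password[64:]
    # Must mirror hash_password exactly: PBKDF2-HMAC-SHA512, 100000 rounds,
    # salt passed as the ASCII hex text (not decoded to raw bytes).
    pwdhash = hashlib.pbkdf2_hmac('sha512', provided_password.encode('utf-8'), salt.encode('ascii'), 100000)
    pwdhash = binascii.hexlify(pwdhash).decode('ascii')
    # Debug output only -- remove before deployment; password hashes should
    # not end up in stdout or log files.
    print(pwdhash )
    print(stored_password)
    # Constant-time comparison: a plain == stops at the first differing
    # character and can leak how much of the hash matched via timing.
    return hmac.compare_digest(pwdhash, stored_password)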

Works for me. But why make things complicated?

Instead, you could just compare the stored password with the hash of the provided password. Be aware that this shortcut only works because the salt above is derived from a fixed byte string, so hash_password is deterministic. With the usual per-password random salt (os.urandom), re-hashing picks a new salt and never matches -- which is precisely why the salt is stored in front of the hash and extracted again in verify_password. In either variant, compare with hmac.compare_digest rather than == so that the comparison does not leak timing information.

import binascii
import hashlib
import hmac

def hash_password(password):
    """Return ``salt + PBKDF2-HMAC-SHA512(password)`` as a 192-char hex string.

    The first 64 characters are the salt (SHA-256 hex of a seed), the
    remaining 128 are the hex-encoded derived key, 100000 rounds.

    NOTE(review): the seed is a hard-coded byte string, so every call uses
    the same salt and equal passwords hash identically. This demo relies on
    that (see verify_password_simple); real code should draw a fresh
    os.urandom() salt per password.
    """
    fixed_seed = b"ID_\x12p:\x8d\xe7&\xcb\xf0=H1\xc1\x16\xac\xe5BX\xd7\xd6j\xe3i\x11\xbe\xaa\x05\xccc\xc2\xe8K\xcf\xf1\xac\x9bFy(\xfbn.`\xe9\xcd\xdd'\xdf`~vm\xae\xf2\x93WD\x04"
    salt_hex = hashlib.sha256(fixed_seed).hexdigest().encode('ascii')
    derived = hashlib.pbkdf2_hmac('sha512', password.encode('utf-8'), salt_hex, 100000)
    return (salt_hex + binascii.hexlify(derived)).decode('ascii')

# Hash a demo password once and show the salt+hash string that would be stored.
demo_password = "Hello_World123"
stored_password = hash_password(demo_password)
print(stored_password)

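def verify_password(stored_password, provided_password):
    """Check ``provided_password`` against a value produced by ``hash_password``.

    ``stored_password`` is ``<64 hex chars of salt><128 hex chars of hash>``.
    The salt is read back from the stored value, so this is the general form
    that keeps working if hash_password switches to a random salt.
    Returns True on a match, False otherwise.
    """
    salt = stored_password[:64]
    stored_password = stored_password[64:]
    # Must mirror hash_password exactly: PBKDF2-HMAC-SHA512, 100000 rounds,
    # salt passed as the ASCII hex text (not decoded to raw bytes).
    pwdhash = hashlib.pbkdf2_hmac('sha512', provided_password.encode('utf-8'), salt.encode('ascii'), 100000)
    pwdhash = binascii.hexlify(pwdhash).decode('ascii')
    # Debug output (kept so the Output section below still matches); drop it
    # in real code -- password hashes should not reach stdout or logs.
    print(pwdhash )
    print(stored_password)
    # Constant-time comparison: a plain == stops at the first differing
    # character and can leak how much of the hash matched via timing.
    return hmac.compare_digest(pwdhash, stored_password)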

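def verify_password_simple(stored_password, provided_password):
    """Re-hash ``provided_password`` and compare it with the stored string.

    This only holds while hash_password uses a fixed salt: with a random
    per-password salt the re-hash would pick a different salt and never
    match. verify_password, which reads the salt out of the stored value,
    is the form that survives that change.
    """
    # Constant-time comparison so the number of matching leading characters
    # is not observable through timing.
    return hmac.compare_digest(stored_password, hash_password(provided_password))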

# Exercise both verifiers: the correct password must pass, a wrong one must fail.
print("verify_password:", verify_password(stored_password, "Hello_World123"))
for candidate in ("Hello_World123", "Bad PW"):
    print("verify_password_simple:", verify_password_simple(stored_password, candidate))

Output:

af756be6069a4bc6b3cfc0ec42aa757ae70395852ff7cacda38d1ab7ba890a896aa3f98243946e4c5910a6317dc1e9d6f1e46b314aab9b038a00ae34dcc9b0887ace6b72a9363974c403372aa93276328091259ee4584e4a7ee950f47dc7d0e4
6aa3f98243946e4c5910a6317dc1e9d6f1e46b314aab9b038a00ae34dcc9b0887ace6b72a9363974c403372aa93276328091259ee4584e4a7ee950f47dc7d0e4
6aa3f98243946e4c5910a6317dc1e9d6f1e46b314aab9b038a00ae34dcc9b0887ace6b72a9363974c403372aa93276328091259ee4584e4a7ee950f47dc7d0e4
verify_password: True
verify_password_simple: True
verify_password_simple: False


 