Mis*_*M23 1 python encryption sha256
我正在使用python和flask开发一个webapp。它有一个用户系统,当然还有一个注册表。我正在使用 passlib.hash.sha256 来加密想要注册的用户的密码。这是我在做什么:
from passlib.hash import sha256_crypt as sha256
[...]
if request.method == "POST" and form.validate():
username = request.form['username']
password = request.form['password']
confirm_password = request.form['confirm_password']
email = request.form['email']
password = sha256.encrypt(password) #Encryption.
c, conn = connection('accounts') #Connection to the database
x = c.execute("SELECT * FROM accounts WHERE username = '%s' OR email = '%s'" %(thwart(username), thwart(email)))
if x:
flash("We are very sorry, but this Username/Email-address is already taken. Please try again")
else:
c.execute('INSERT INTO accounts VALUES ("%s", "%s", "%s")' %(thwart(username), thwart(password), thwart(email)))
conn.commit()
flash('Succesfully Registered!')
在数据库中,即使输入了相同的密码,哈希值也始终在变化。有人知道为什么吗?我究竟做错了什么?
Fristly,那请注意sha256_crypt.encrypt(..),因为1.7版本已被弃用,取而代之更名为sha256_crypt.hash(..)让您拥有
hash = sha256_crypt.hash("password")
用于创建哈希。由于散列包含随机盐,因此您无法重新计算散列并进行比较,而应在表中查找散列,然后以sha256_crypt.verify()类似方式使用它:
sha256_crypt.verify("password", hash)
| 归档时间: |
|
| 查看次数: |
2260 次 |
| 最近记录: |