Shulou(Shulou.com)06/03 Report--

I would like to share with you the example analysis of password adding salt in python. I believe most people don't know much about it, so share this article for your reference. I hope you can learn a lot after reading this article. Let's learn about it together.

What is password encryption: the password registered by a user is generally encrypted by the website administrator using the md5 method. The advantage of this encryption method is that it is one-way encrypted, that is, only when you know in advance the md5 and password corresponding to a string of passwords can you deduce what the password is, although there is a very small chance that the encrypted values of the two passwords are equal (this phenomenon is called collision). But basically don't worry, because the probability is extremely low. There are also methods such as sha1 () in commonly used hashlib modules, which are essentially the same as md5, except that the result is 160 bit bytes, usually represented by a 40-bit hexadecimal string. While md5 is the most common encryption algorithm, the generation speed is very fast, and the result is a fixed 128 bit bytes, usually represented by a 32-bit hexadecimal string.

What is adding salt to the password: see above, the following content is extracted from Baidu encyclopedia, is a general definition and explanation of the rainbow table, in order to prevent hackers from using the rainbow table to reverse the embezzlement of users' password account information, you need to add 'salt' to the password. In fact, to put it simply, when you use the md5 encryption method in the hashlib module, pass in the salt you want to give, or simply generate it randomly (more secure Encapsulate salt in a class).

The rainbow table is a pre-calculated table used to encrypt the inverse operation of hash functions, prepared for cracking the hash values of passwords (or hash values, thumbnails, abstracts, fingerprints, hash texts). Generally speaking, the mainstream rainbow watches are more than 100g. Such tables are often used to recover fixed-length plain text passwords consisting of a finite set of characters.

Introduction to md5 and sha1 encryption

Import hashlibmd5=hashlib.md5 () md5.update ('this is an example'.encode (' utf-8')) md5.update ('again'.encode (' utf-8')) # remember here that the update () method can be called multiple times and you can try it yourself. Print (md5.hexdigest ()) # inherits the above sha1=hashlib.sha1 () sha1.update ('this is an example'.encode (' utf-8')) sha1.update ('...' encode ('utf-8')) print (sha1.hexdigest ())

The following is the use of md5 encryption and salt methods to achieve a simple user registration, store the information in the dictionary, and then simulate login.

#! / usr/bin/python3#-*-coding:UTF-8-*-import hashlib,random# register storage= {} def registration (uMagin p): if u in storage: return 'username occupied.please choose another username...' Else: storage [u] = Users (uMagne p) # encryption method def get_md5 (s): return hashlib.md5 (s.encode ('utf-8')). Hexdigest () # Log in to class Users (object): def _ init__ (self,username,password): self.username=username #! Note that the salt is given randomly. Each time you register an account and give it to the salt, it is encapsulated in the Users class. When the login function is equal, # a.salt is the salt encapsulated at the time of registration, and it is a fixed salt, so as long as the account password is correct. Self.salt=''.join ([chr (random.randint (48122)) for i in range (20)]) self.password=get_md5 (password+self.salt) def login (user,pw): if user not in storage.keys (): return 'wrong username' else: a=storage [user] if a.password==get_md5 (pw+a.salt): return' succeeded' else: return 'wrong password'registration (' mary','12345') registration ('bob') 'aa895') registration (' kirk','ba155') print (storage) print (login ('mary','12345'))

The most important thing is to understand that each time the salt is sealed. In the login function, login can be achieved as long as the password entered by the user + the encapsulated salt is correct.

The above is all the contents of the article "sample Analysis of password adding Salt in python". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.