Introduction to Password encryption
Main forms of password storage:
Clear-text storage: the password is readable as-is, with no protection at all.
Encrypted storage: the password is transformed in some way so that the original cannot easily be recognized.
Several ways to encrypt passwords:
Plaintext transcoding: BASE64, 7BIT and so on. This only disguises the password; it is not real encryption.
Symmetric algorithm encryption: DES, RSA and so on.
Signature algorithm encryption: can also be understood as one-way hash encryption, such as MD5, SHA1 and so on. The algorithm is fixed, so the result is easily brute-forced, and if two passwords are the same, their hash values are the same.
Salted hash encryption: a "random" string (the salt) is combined with the password before hashing. Even if two passwords are the same, different salts give different hash values. This is the main method used in web development today.
Password generation function: generate_password_hash
Function definition:
werkzeug.security.generate_password_hash(password, method='pbkdf2:sha1', salt_length=8)
generate_password_hash is a salted hash function. It produces a hash string that can later be verified with check_password_hash().
The resulting hash string has this format:
method$salt$hash
Parameter description:
password: the plaintext password.
method: the hashing method (must be supported by the hashlib library), in the format pbkdf2:<method>[:iterations], where:
    method: the hash algorithm, usually sha1;
    iterations: (optional) the iteration count, default 1000.
salt_length: the length of the salt, default 8.
Example of password generation:
>>> from werkzeug.security import generate_password_hash
>>> print(generate_password_hash('123456'))
pbkdf2:sha1:1000$x97hpa3g$252c0cca000c3674b8ef7a2b8ecd409695aac370
Because the salt is random, hashing the same password twice gives different hash strings.
Password verification function: check_password_hash
Function definition:
werkzeug.security.check_password_hash(pwhash, password)
The check_password_hash function validates a password against a hash produced by generate_password_hash. If the password matches, it returns True; otherwise it returns False.
Parameters:
pwhash: the hash string previously returned by generate_password_hash.
password: the plaintext password to check.
Example of password validation:
>>> from werkzeug.security import check_password_hash
>>> pwhash = 'pbkdf2:sha1:1000$x97hpa3g$252c0cca000c3674b8ef7a2b8ecd409695aac370'
>>> print(check_password_hash(pwhash, '123456'))
True
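To make the generate/verify pair above concrete without depending on Werkzeug, here is an added example (written for this page, not Werkzeug's own code) that implements the same method$salt$hash layout with PBKDF2-HMAC from the standard library. It shows why two hashes of the same password differ (the salt is drawn fresh each time), how verification recovers the method and salt from the stored string, and how the iteration count and salt length can be raised as the summary suggests. The alphanumeric salt alphabet and the exact way the password and salt are fed to PBKDF2 are assumptions, so strings produced by the real library are not guaranteed to verify here.

```python
import hashlib
import hmac
import secrets

# Alphanumeric salt alphabet, chosen to resemble the salts in the transcript
# above ("x97hpa3g"); the exact alphabet is an assumption of this example.
SALT_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
DEFAULT_ITERATIONS = 1000


def gen_salt(length=8):
    """Random alphanumeric salt drawn from the OS CSPRNG (never random.random)."""
    if length <= 0:
        raise ValueError("salt length must be positive")
    return "".join(secrets.choice(SALT_CHARS) for _ in range(length))


def parse_method(method):
    """Split 'pbkdf2:<digest>[:iterations]' into (digest, iterations)."""
    parts = method.split(":")
    if parts[0] != "pbkdf2" or len(parts) not in (2, 3):
        raise ValueError("unsupported method: %r" % method)
    digest = parts[1]
    iterations = int(parts[2]) if len(parts) == 3 else DEFAULT_ITERATIONS
    if iterations <= 0:
        raise ValueError("iterations must be positive")
    return digest, iterations


def pbkdf2_hex(password, salt, digest, iterations):
    """PBKDF2-HMAC over the UTF-8 encoded password and salt, hex encoded."""
    return hashlib.pbkdf2_hmac(
        digest, password.encode("utf-8"), salt.encode("utf-8"), iterations
    ).hex()


def generate_password_hash(password, method="pbkdf2:sha1", salt_length=8):
    """Return 'pbkdf2:<digest>:<iterations>$<salt>$<hexhash>'."""
    digest, iterations = parse_method(method)
    salt = gen_salt(salt_length)
    return "pbkdf2:%s:%d$%s$%s" % (
        digest, iterations, salt, pbkdf2_hex(password, salt, digest, iterations)
    )


def check_password_hash(pwhash, password):
    """Recompute the hash with the stored method and salt, compare in constant time."""
    parts = pwhash.split("$")
    if len(parts) != 3:
        return False  # malformed or truncated stored value
    method, salt, stored = parts
    try:
        digest, iterations = parse_method(method)
        computed = pbkdf2_hex(password, salt, digest, iterations)
    except ValueError:  # unknown method, bad iteration count or digest name
        return False
    # compare_digest avoids leaking where the first differing byte is
    return hmac.compare_digest(computed, stored)


if __name__ == "__main__":
    h1 = generate_password_hash("123456")
    h2 = generate_password_hash("123456")
    print(h1)
    print(h2)
    print("same password, same hash?", h1 == h2)  # False: salts differ
    print("verify correct:", check_password_hash(h1, "123456"))  # True
    print("verify wrong:  ", check_password_hash(h1, "123457"))  # False
    # Stronger settings: more iterations and a longer salt, as the summary suggests
    strong = generate_password_hash("123456", method="pbkdf2:sha256:50000", salt_length=16)
    print(strong)
    print("verify strong: ", check_password_hash(strong, "123456"))  # True
```

The stored string carries everything needed to verify it, so the iteration count can be raised for new hashes while old ones still validate; re-hash a user's password on their next successful login to migrate them.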
Example
from werkzeug.security import generate_password_hash, check_password_hash


class User(object):
    def __init__(self, username, password):
        self.username = username
        self.set_password(password)

    def set_password(self, password):
        # store only the salted hash, never the plaintext
        self.pw_hash = generate_password_hash(password)

    def check_password(self, password):
        return check_password_hash(self.pw_hash, password)

Let's see how it works:
>>> me = User('John Doe', 'default')
>>> me.pw_hash
'sha1$z9wtkqam$7e6e814998ab3de2b63401a58063c79d92865d79'
>>> me.check_password('default')
True
>>> me.check_password('defaultx')
False
Summary
The above covers password generation and verification. In general the default strength is sufficient; if you need stronger protection, you can increase the salt length and the number of iterations.