Encrypting and validating passwords in the Flask framework

Source: Internet
Author: User
Tags sha1
Introduction to Password encryption

Main forms of password storage:

    • Clear-text storage: the password can be read with the naked eye and has no protection at all.

    • Encrypted storage: the password is transformed in some way so that the original is not easily recognized.

Several ways to encrypt passwords:

    • Plaintext transcoding: BASE64, 7BIT, and so on. This only disguises the password and is not real encryption.

    • Symmetric algorithm encryption: DES, RSA and so on (strictly, RSA is an asymmetric algorithm).

    • Signature algorithm encryption: this can also be understood as one-way hash encryption, such as MD5, SHA1 and so on. The algorithm is fixed, so it is easy to brute-force, and if the password is the same, the resulting hash value is the same.

    • Salted hash encryption: the password is combined with a "random" string (the salt value) and then hashed. Even if the password is the same, a different salt value gives a different hash value. This is the main method used in Web development today.

Password generation function: generate_password_hash

Function definition:

werkzeug.security.generate_password_hash(password, method='pbkdf2:sha1', salt_length=8)

generate_password_hash is a salted password hash function. The hash value it generates can be verified with check_password_hash().

The resulting hash string is formatted like this:

method$salt$hash

Parameter description:

    • password: the plaintext password.

    • method: the hashing method (it must be supported by the hashlib library), in the format pbkdf2:<method>[:iterations], where:

        • method: the hash function, generally sha1.

        • iterations: (optional parameter) the iteration count; the default is 1000.

    • salt_length: the length of the salt value, which defaults to 8.

Example of password generation:

>>> from werkzeug.security import generate_password_hash
>>> print(generate_password_hash('123456'))
pbkdf2:sha1:1000$x97hpa3g$252c0cca000c3674b8ef7a2b8ecd409695aac370

Because the salt value is random, even the same password does not produce the same hash value twice.

Password verification function: check_password_hash

Function definition:

werkzeug.security.check_password_hash(pwhash, password)

The check_password_hash function validates a password against a hash produced by generate_password_hash. If the password matches, it returns True; otherwise it returns False.

Parameters:

    • pwhash: the hash string generated by generate_password_hash

    • password: the plaintext password that needs to be verified

Example of password validation:

>>> from werkzeug.security import check_password_hash
>>> pwhash = 'pbkdf2:sha1:1000$x97hpa3g$252c0cca000c3674b8ef7a2b8ecd409695aac370'
>>> print(check_password_hash(pwhash, '123456'))
True

Example

from werkzeug.security import generate_password_hash, \
    check_password_hash

class User(object):

    def __init__(self, username, password):
        self.username = username
        self.set_password(password)

    def set_password(self, password):
        # Store only the salted hash, never the plaintext password
        self.pw_hash = generate_password_hash(password)

    def check_password(self, password):
        # Verify the candidate password against the stored hash string
        return check_password_hash(self.pw_hash, password)

Let's see how it works:

>>> me = User('John Doe', 'default')
>>> me.pw_hash
'sha1$z9wtkqam$7e6e814998ab3de2b63401a58063c79d92865d79'
>>> me.check_password('default')
True
>>> me.check_password('defaultx')
False

Summary

The above covers how password hashes are generated and verified. In general, the default encryption strength is sufficient; if you need stronger password hashing, you can increase the length of the salt and the number of iterations.
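
How the method$salt$hash string described above is produced and verified, as an added example built on Python's standard hashlib (it is not Werkzeug's own code and not part of the original article). The function names make_hash, parse_method and verify_hash are hypothetical, and the sample passwords are constructed; the last lines raise the salt length and iteration count as the summary suggests.

```python
import hashlib
import hmac
import secrets
import string

SALT_CHARS = string.ascii_letters + string.digits

def parse_method(method):
    """Split 'pbkdf2:<method>[:iterations]' into (digest_name, iterations)."""
    parts = method.split(":")
    if parts[0] != "pbkdf2" or len(parts) not in (2, 3):
        raise ValueError("unsupported method: %r" % method)
    iterations = int(parts[2]) if len(parts) == 3 else 1000  # default from the article
    if parts[1] not in hashlib.algorithms_available or iterations < 1:
        raise ValueError("unsupported method: %r" % method)
    return parts[1], iterations

def make_hash(password, method="pbkdf2:sha1:1000", salt_length=8):
    """Return 'method$salt$hash' using a fresh random salt."""
    digest, iterations = parse_method(method)
    salt = "".join(secrets.choice(SALT_CHARS) for _ in range(salt_length))
    derived = hashlib.pbkdf2_hmac(digest, password.encode(), salt.encode(), iterations)
    return "pbkdf2:%s:%d$%s$%s" % (digest, iterations, salt, derived.hex())

def verify_hash(pwhash, password):
    """Re-derive the hash with the stored method and salt, then compare."""
    try:
        method, salt, expected = pwhash.split("$")
        digest, iterations = parse_method(method)
    except ValueError:
        return False  # malformed or unsupported stored string
    derived = hashlib.pbkdf2_hmac(digest, password.encode(), salt.encode(), iterations)
    # Constant-time comparison avoids leaking how many characters matched
    return hmac.compare_digest(derived.hex().encode(), expected.encode())

if __name__ == "__main__":
    first = make_hash("123456")
    second = make_hash("123456")
    print(first)
    print(second)                        # same password, different salt and hash
    print(verify_hash(first, "123456"))  # True
    print(verify_hash(first, "12345"))   # False
    # Stronger settings: longer salt, SHA-256, more iterations
    strong = make_hash("123456", method="pbkdf2:sha256:50000", salt_length=16)
    print(strong, verify_hash(strong, "123456"))
```

Because the method and salt are stored inside the string, hashes created with different settings can be verified by the same function, so the iteration count can be raised for new passwords without invalidating old ones.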
