Salted hashing means mixing a random string into the hash computation; this string is called the "salt". Below is a look at the salted hash generation and verification functions used in the Python Flask framework (they come from Werkzeug, the WSGI library Flask is built on).
Password encryption
The main forms of password storage, i.e. password encryption methods:
Plaintext transcoding: BASE64, 7BIT, etc. This only obscures the password from a casual glance and is not real encryption.
Symmetric algorithm encryption: DES, RSA, and so on.
Signature algorithm encryption, also understood as one-way hash encryption, such as MD5 and SHA1. Because the algorithm is fixed, it is vulnerable to brute-force cracking: if two users have the same password, their hash values are the same.
Salted hash encryption: a random string (the salt) is added to the password before hashing. Even when two passwords are the same, different salts produce different hash values. This is currently the main method used in website development.
Password generation function: generate_password_hash
Function definition:
werkzeug.security.generate_password_hash(password, method='pbkdf2:sha1', salt_length=8)
generate_password_hash hashes a password together with a random salt; the resulting string is later verified with check_password_hash.
The hash string format after hash is as follows:
method$salt$hash
Parameter description:
password: the plaintext password.
method: the hash method, which must be supported by the hashlib library. To enable PBKDF2 the method string takes the form pbkdf2:<method>[:iterations], where:
method: the underlying hash algorithm, generally sha1;
iterations: (optional) the number of iterations; the default value is 1000.
salt_length: the length of the salt value; the default value is 8.
Example of password generation:
>>> from werkzeug.security import generate_password_hash
>>> print generate_password_hash('123456')
pbkdf2:sha1:1000$X97hPa3g$252c0cca000c3674b8ef7a2b8ecd409695aac370
Because the salt value is random, the generated hash value is not the same even for the same password.
Password verification function: check_password_hash
Function definition:
werkzeug.security.check_password_hash(pwhash, password)
The check_password_hash function verifies a plaintext password against a hash produced by generate_password_hash. If the password matches, True is returned; otherwise, False is returned.
Parameters:
pwhash: the hash string produced by generate_password_hash (in method$salt$hash format).
password: the plaintext password to check.
Password verification example:
>>> from werkzeug.security import check_password_hash
>>> pwhash = 'pbkdf2:sha1:1000$X97hPa3g$252c0cca000c3674b8ef7a2b8ecd409695aac370'
>>> print check_password_hash(pwhash, '123456')
True
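To make the generation and verification steps above concrete without depending on Werkzeug being installed, here is an added, self-contained re-implementation of the same method$salt$hash scheme using only the Python 3 standard library (hashlib's PBKDF2 and a constant-time comparison). It is example code written for this page, not Werkzeug's own source; the function names pbkdf2_password_hash and pbkdf2_password_check, the method parser and the sample passwords are assumptions chosen for the illustration. It goes slightly beyond the page by showing how the stored method string carries the iteration count, why two hashes of the same password differ, and why malformed hash strings must be rejected rather than raise.

```python
import hashlib
import hmac
import secrets
import string

# Constructed example (not werkzeug code). Names below are assumptions.
SALT_CHARS = string.ascii_letters + string.digits
DEFAULT_ITERATIONS = 1000  # the default the page states for pbkdf2


def make_salt(length=8):
    """Random salt from the OS CSPRNG; one character per draw from SALT_CHARS."""
    if length <= 0:
        raise ValueError("salt length must be positive")
    return "".join(secrets.choice(SALT_CHARS) for _ in range(length))


def parse_method(method):
    """Split 'pbkdf2:<hash>[:iterations]' into (hash_name, iterations).

    A missing iteration count falls back to DEFAULT_ITERATIONS. Anything that
    is not a pbkdf2 method string, or names a hash hashlib lacks, is rejected.
    """
    parts = method.split(":")
    if parts[0] != "pbkdf2" or len(parts) not in (2, 3):
        raise ValueError("unsupported method: %r" % method)
    hash_name = parts[1]
    if hash_name not in hashlib.algorithms_available:
        raise ValueError("hashlib does not support %r" % hash_name)
    iterations = int(parts[2]) if len(parts) == 3 else DEFAULT_ITERATIONS
    if iterations <= 0:
        raise ValueError("iterations must be positive")
    return hash_name, iterations


def derive(password, salt, hash_name, iterations):
    """PBKDF2-HMAC over password and salt; returns the hex digest."""
    return hashlib.pbkdf2_hmac(
        hash_name, password.encode("utf-8"), salt.encode("utf-8"), iterations
    ).hex()


def pbkdf2_password_hash(password, method="pbkdf2:sha1", salt_length=8):
    """Produce a 'pbkdf2:<hash>:<iterations>$<salt>$<hexdigest>' string.

    The iteration count is always written into the stored string, so the
    verifier never has to guess which parameters were used.
    """
    hash_name, iterations = parse_method(method)
    salt = make_salt(salt_length)
    digest = derive(password, salt, hash_name, iterations)
    return "pbkdf2:%s:%d$%s$%s" % (hash_name, iterations, salt, digest)


def pbkdf2_password_check(pwhash, password):
    """Recompute the digest with the stored salt/parameters and compare.

    Returns False (never raises) on malformed input so that a corrupted
    database row cannot turn into an unhandled exception on the login path.
    """
    try:
        method, salt, digest = pwhash.split("$", 2)
        hash_name, iterations = parse_method(method)
    except ValueError:
        return False
    candidate = derive(password, salt, hash_name, iterations)
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    h1 = pbkdf2_password_hash("123456")
    h2 = pbkdf2_password_hash("123456")
    print(h1)
    print(h2)  # same password, different salt, different digest
    print(pbkdf2_password_check(h1, "123456"))  # True
    print(pbkdf2_password_check(h1, "1234567"))  # False
    # Stronger parameters, as the summary suggests: longer salt, more rounds
    print(pbkdf2_password_hash("123456", "pbkdf2:sha256:20000", salt_length=16))
```

Because the salt is embedded in the stored string, verification needs nothing beyond the string and the candidate password, which is exactly why check_password_hash takes only pwhash and password.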
Example
from werkzeug.security import generate_password_hash, \
    check_password_hash


class User(object):
    def __init__(self, username, password):
        self.username = username
        self.set_password(password)

    def set_password(self, password):
        # Store only the salted hash, never the plaintext password
        self.pw_hash = generate_password_hash(password)

    def check_password(self, password):
        return check_password_hash(self.pw_hash, password)
Let's take a look at how it works:
>>> me = User('John Doe', 'default')
>>> me.pw_hash
'sha1$Z9wtkQam$7e6e814998ab3de2b63401a58063c79d92865d79'
>>> me.check_password('default')
True
>>> me.check_password('defaultx')
False
Summary
The above covers password generation and verification. In general the default strength is sufficient; where stronger protection is needed, you can increase the salt length and the number of iterations.