Encryption and verification of passwords using salt hashing in The Flask framework

Source: Internet
Author: User
Salted hashing mixes a random string into the hash computation; this string is called the "salt value". Here we look at the salted hash generation and verification functions that the Python Flask framework offers through werkzeug.security.

Password encryption

The main form of password storage:

  • Plaintext storage: the password can be read directly by anyone who sees it, so it offers no security at all.

  • Encrypted storage: the original password is transformed so that it is hard to recover from what is stored.

Password encryption methods:

  • Plaintext transcoding: BASE64, 7BIT, etc. This only obscures the password from a casual glance; it is not real encryption.

  • Symmetric algorithm encryption: DES, RSA, and so on.

  • Signature algorithm encryption, which can also be understood as one-way hash encryption, such as MD5 and SHA1. Because the algorithm is fixed, it is vulnerable to brute-force cracking: if two passwords are the same, their hash values are the same.

  • Salted hash encryption: a random string (the salt value) is added to the password before hashing. Even when two passwords are the same, different salt values produce different hash values. This is the method mainly used in website development today.

Password generation function: generate_password_hash

Function definition:

werkzeug.security.generate_password_hash(password, method='pbkdf2:sha1', salt_length=8)

generate_password_hash hashes the password together with a random salt; the result is later verified with check_password_hash.

The hash string it produces has the following format:

method$salt$hash

Parameter description:

  • password: plaintext password

  • method: hash method (which must be supported by the hashlib library). To use PBKDF2 it takes the form pbkdf2:<method>[:iterations], where:

      • method: hash method, generally sha1

      • iterations: (optional) number of iterations; the default is 1000.

  • salt_length: length of the salt value; the default is 8.

Example of password generation:

>>> from werkzeug.security import generate_password_hash
>>> print generate_password_hash('123456')
'pbkdf2:sha1:1000$X97hPa3g$252c0cca000c3674b8ef7a2b8ecd409695aac370'

Because the salt value is random, the generated hash value differs from call to call even for the same password.

Password verification function: check_password_hash
Function definition:

werkzeug.security.check_password_hash(pwhash, password)

The check_password_hash function verifies a plaintext password against a hash produced by generate_password_hash. It returns True if the password matches and False otherwise.

Parameters:

  • pwhash: the hash string generated by generate_password_hash

  • password: plaintext password to be verified

Password verification example:

>>> from werkzeug.security import check_password_hash
>>> pwhash = 'pbkdf2:sha1:1000$X97hPa3g$252c0cca000c3674b8ef7a2b8ecd409695aac370'
>>> print check_password_hash(pwhash, '123456')
True
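To make the method$salt$hash layout and the verification step above concrete without installing Werkzeug, here is an added teaching reimplementation (not Werkzeug's own code) built only on the standard library. It assumes the pbkdf2:<method>[:iterations] method family described above and the page's defaults (sha1, 1000 iterations, 8-character salt); the function names mirror Werkzeug's but the code is this page's example.

```python
import hashlib
import hmac
import secrets
import string

# Added teaching reimplementation (not Werkzeug's code) of the
# "method$salt$hash" layout described above, standard library only.

SALT_CHARS = string.ascii_letters + string.digits


def parse_method(method):
    """Split 'pbkdf2:<digest>[:iterations]' into (digest, iterations)."""
    parts = method.split(":")
    if parts[0] != "pbkdf2" or len(parts) not in (2, 3):
        raise ValueError("expected pbkdf2:<digest>[:iterations], got %r" % method)
    iterations = int(parts[2]) if len(parts) == 3 else 1000  # page default
    return parts[1], iterations


def generate_password_hash(password, method="pbkdf2:sha1", salt_length=8):
    """Return 'pbkdf2:<digest>:<iterations>$<salt>$<hexdigest>'."""
    digest, iterations = parse_method(method)
    # A fresh random salt per call is what makes equal passwords hash differently.
    salt = "".join(secrets.choice(SALT_CHARS) for _ in range(salt_length))
    dk = hashlib.pbkdf2_hmac(digest, password.encode("utf-8"),
                             salt.encode("utf-8"), iterations)
    return "pbkdf2:%s:%d$%s$%s" % (digest, iterations, salt, dk.hex())


def check_password_hash(pwhash, password):
    """Re-derive with the stored method and salt, then compare in constant time."""
    try:
        method, salt, stored = pwhash.split("$", 2)
        digest, iterations = parse_method(method)
        dk = hashlib.pbkdf2_hmac(digest, password.encode("utf-8"),
                                 salt.encode("utf-8"), iterations)
    except (ValueError, TypeError, AttributeError):
        return False  # malformed string or unsupported digest: never a match
    # compare_digest avoids leaking the position of the first differing byte.
    return hmac.compare_digest(dk.hex(), stored)


if __name__ == "__main__":
    h = generate_password_hash("123456")
    print(h)  # e.g. pbkdf2:sha1:1000$<8-char salt>$<40 hex chars>
    print(check_password_hash(h, "123456"), check_password_hash(h, "1234567"))
```

Raising the iteration count or the salt length, as the summary suggests, is just a different method string and salt_length argument to generate_password_hash; the stored string carries both, so check_password_hash needs no configuration.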

Example

from werkzeug.security import generate_password_hash, \
    check_password_hash


class User(object):
    def __init__(self, username, password):
        self.username = username
        self.set_password(password)

    def set_password(self, password):
        # store only the salted hash, never the plaintext
        self.pw_hash = generate_password_hash(password)

    def check_password(self, password):
        return check_password_hash(self.pw_hash, password)

Let's take a look at how it works:

>>> me = User('John Doe', 'default')
>>> me.pw_hash
'sha1$Z9wtkQam$7e6e814998ab3de2b63401a58063c79d92865d79'
>>> me.check_password('default')
True
>>> me.check_password('defaultx')
False

Summary
The above covers password generation and verification. Generally the default strength is sufficient; for stronger protection you can increase the length of the salt value and the number of iterations.

