Python--hashlib

The module implements a common interface for many secure hashing and message digest algorithms, including FIPS secure hashing algorithms: SHA1, SHA224, SHA256, SHA384 and SHA512 algorithms (defined in FIPS 180-2), and the MD5 algorithm for RSA (in definition in RFC 1321 ). The "Secure Hash" and "message digest" are equivalent, and the old algorithm is called the Message Digest, and the new term is called a secure hash.

* The Adler32 and CRC32 algorithms are in the Zlib module.

* Some algorithms have known hash conflict vulnerabilities, please refer to "vi. See also".

Directory

First, create a hash object

Second, module properties

Third, the property of the hash object

Four, the method of the hash object

Five, key export function

Vi. See Also

First, create a hash object

Each type of hash algorithm corresponds to a constructor that returns a hash object with the same interface.

the constructor or hash algorithm that the module must support There are: MD5 (),SHA1 (),sha224 (),sha256 (),sha384 () and sha512 (), The other algorithm depends on the support of the OpenSSL library that Python relies on on your platform.

　　call HASHLIB.SHA1 () to create a hash object based on the SHA1 algorithm, and then use the update () method to populate it with arbitrary strings. You can use digest () or hexdigest () to summarize a connection to an existing string in this object at any time.  

For example:

Get A summary of ' Nobody inspects the spammish repetition '

Import hashlib>>> m = hashlib.md5 ()>>> m.update ("Nobody inspects  ")>>> m.update (" the spammish repetition")>> > m.digest ()'\xbbd\x9c\x83\xdd\x1e\xa5\xc9\xd9\xde\xc9\xa1\x8d\xf0\xff\xe9 '>>> m.digest_size16>>> m.block_size64

Can be used in a more concise way:

>>> hashlib.sha224 ("Nobody inspects the spammish repetition"). Hexdigest ()  'a4337bc45a8fc544c03f52dc550cd6e1e87021bc896588bd79e901e2'

A generic new () constructor can also be used to generate a hash object, the first parameter of the constructor is the name of the algorithm, which is equivalent to the specific algorithm corresponding to the dedicated constructor. However, the constructors dedicated to specific algorithms are faster and should be used preferentially.

For example:

>>> h = hashlib.new ('ripemd160')>>> h.update ("  Nobody inspects the spammish repetition")>>> h.hexdigest ()'  CC4A5CE1B3DF48AEC5D22D1F16B894A0B894ECCC'

Second, module properties

hashlib.algorithms

　　 A tuple that lists the name of the algorithm supported by the module, introduced by Python 2.7.

　　

Hashlib.algorithms_guaranteed

A collection containing the name of the algorithm that the module supports across all platforms, introduced by Python 2.7.9.

　　

Hashlib.algorithms_available

A collection that contains the hash algorithm name supported by the current Python interpreter, which is always valid when the name in the collection is passed in to new (). Algorithms_guaranteed is a subset of this attribute, and the same algorithm may appear multiple times in this set with different names (thanks to OpenSSL), thePython 2.7.9 is introduced.

　　

Third, the property of the hash object

hash.digest_size

　　

The length of the resulting hash (bytes)

hash.block_size

　　

The length of the internal block of the hashing algorithm (bytes)

Four, the method of the hash object

hash.update (ARG)

　　

The hash object is updated with a string parameter, and multiple invocations are equal to calling the function, that is:m.update (a);m.update (b) is equivalent to m.update (a+b).

Changes in Python 2.7: The Python GIL is released-to-Allow and threads to run while hash updates on data larger than 2048 Bytes is taking place when using a hash algorithms supplied by OpenSSL.

hash.digest ()

　　

returns a summary of all connections that use the string passed in by the update () method. The length is digest_size and may contain non-ASCII characters, including 　　 null bytes.

hash.hexdigest ()

The length of the returned result is twice times the result of the Digest () method, with only 16 binary values, expressed in ASCII characters, and can be used in a non-binary environment.

hash.copy ()

　　　　

Returns a copy of the hash object, which can be used to efficiently compute a summary of some strings with the same substring.

Five, key export function

Key export (key derivation) and key stretch (key stretching) algorithms are designed to protect password hashes. Common algorithms such as SHA1 (password) can not withstand brute force attacks, a good hashing algorithm must be adjustable, including salt, and so on.

hashlib.pbkdf2_hmac (name, password, salt, rounds, Dklen=none)

　　

This function provides PKCS#5 key export function based on password, and uses HMAC as pseudo-random function.

The parameter name is the hash digest algorithm used by the HMAC, for example: ' SHA1 ' or ' sha256 '.

　　 password and salt are treated as byte strings, and the application should limit password to a reasonable length (for example: 1024). Salt should be about 16 or more bytes and have a reliable source (e.g. os.urandom ())

The parameter rounds should be based on algorithmic and computational capability settings, such as 100,000-wheel SHA-256 is the recommended number of times.

The parameter dklen is the length of the exported key. If dklen is None then the digest length of the hash algorithm specified with the parameter name , such as SHA-512, is 64.

Python 2.7.8 Introduction

Import hashlib, binascii>>> dk = Hashlib.pbkdf2_hmac ('sha256', b' Password ', b'salt', 100000)>>> binascii.hexlify (DK) b ' 0394A2EDE332C9A13EB82E9B24631604C31DF978B4E2F0FBD2C549944F9D79A5 '

* Note:

A quick implementation version of Pbkdf2_hmac can use OpenSSL, and Python implementations use the HMAC version within the line. This is slower and takes about three times times the former and does not release the Gil.

Vi. See also:

FIPS 180-2 documentation on secure hashing algorithms

Introduction to the problems of some hashing algorithms in Wikipedia

Python--hashlib