Hướng dẫn hash password python
|
In this article, we are going to know how to hash passwords in python. Show A strong password provides safety. Plain text passwords are extremely insecure, so we need to strengthen the passwords by hashing the password. Hashing passwords is a cheap and secure method that keeps the passwords safe from malicious activity. Password hashing generates a unique password for every text, even if the plaintext password is the same. Why do we need to Hash a Password?Hashing is used mainly to protect a password from hackers. Suppose, if a website is hacked, cybercriminals don’t get access to your password. Instead, they just get access to the encrypted “hash” created by the method of hashing. What is salt in hashing?In cryptography, a salt is random data used as an additional input to a one-way function that hashes data, such as a password. Salts are used to keep passwords safe while they are being stored. Historically, only the password’s cryptographic hash function was maintained on a system, but over time, additional precautions were developed to prevent the identification of duplicate or common passwords. One such prevention is salting.  Encryption: Encryption is the process of encoding plain text or any information in such a way that only authorized people can read it with a corresponding key so that confidential data can be protected from unauthorized persons. Hashing: Hashing converts any amount of data into a fixed-length hash that cannot be reversed. It is widely used in cryptography. The hash allows us to validate if the input has changed even slightly, if it is changed the resulting hash will be different. In this article, we are going to learn the Salted Password Hashing technique. It includes converting an algorithm to map data of any size to a fixed length. What is BCrypt?The BCrypt Algorithm is used to hash and salt passwords in a secure way. BCrypt enables the creation of a password protection layer that can develop local hardware innovation in order to protect against long-term hazards or threats, such as attackers having the computational capacity to guess passwords twice as efficiently. Install bcrypt using pip: pip install bcrypt Example: In this Program, we will be hashing the password using bcrypt. Here we are using “GeekPassword”as an input to be converted to a hash. Python
Output: What is Hashlib?The Python hashlib module is an interface for easily hashing messages. This contains many methods that will handle hashing any raw message into an encrypted format. The main purpose of this module is to use a hash function on a string and encrypt it so that it is very difficult to decrypt it. hash library: It is used to create a hash table. The hash table is a data structure that is designed for searching through a set of entries, each of which is identified by a unique key. Install hashlib using pip: pip install hashlib Example 2: In this Program, we will be hashing the password using hashlib. Here we are using “GeekPassword”as an input to be converted to a hash. Python
Output: Tìm hiểu khi sử dụng các hàm băm tạo dữ liệu lưu trữ passwordKhi lưu trữ password vào CSDL thường sẽ sử dụng các hàm băm khác nhau được hỗ trợ bởi hệ CSDL hoặc ngôn ngữ lập trình (như MD5, SHA1 ...) để tạo dữ liệu mã hóa, dữ liệu mã hóa đó được lưu vào CSDL. Ví dụ: $raw_password = 'abc123'; $crypt = md5($raw_password); //e99a18c428cb38d5f260853678922e03 Ví dụ trên, đã sử dụng hàm băm của PHP là Bởi vì hàm băm tạo ra các giá trị không thể dịch ngược (không có thuật toán để giải
giá trị hash Sử dụng Salt tăng cường an toàn cho mật khẩuĐể phức tạp hóa mật khẩu lưu trữ, thì các mật khẩu gốc trước khi mã hóa được nối thêm các chuỗi, các chuỗi thêm
này gọi là Ví dụ: $raw_password = 'abc123'; //Sinh ra chuỗi dài 32 ngẫu nhiên, cũng cần lưu chuỗi này vào một cột trong DB $salt = random_bytes(32); //Sử dụng thêm một salt cố định $staticSalt = 'G4334#'; $crypt = md5($staticSalt.$raw_password.$salt); Giờ mật khẩu lưu trữ ở trên phức tạp hơn rất nhiều. Biết được |
